[Lake] Re: EDHOC live debugging
John Mattsson <john.mattsson@ericsson.com> Fri, 28 February 2025 17:47 UTC
From: John Mattsson <john.mattsson@ericsson.com>
To: Brian Sipos <brian.sipos+ietf@gmail.com>
Date: Fri, 28 Feb 2025 17:47:30 +0000
CC: "lake@ietf.org" <lake@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/dMCwddn7VdKJP5vo9JwSY50iCq4>
Hi Brian,

I think EDHOC parameters should not be mixed with TLS parameters in the same registry. As TLS is planning to have the registry in the TLS IANA name space, I think the easiest way forward is to write a lake draft that suggests to create a new registry under https://www.iana.org/assignments/edhoc/edhoc.xhtml and registers the needed parameters there.

John

From: Brian Sipos <brian.sipos+ietf@gmail.com>
Date: Friday, 28 February 2025 at 18:43
To: John Mattsson <john.mattsson@ericsson.com>
Cc: lake@ietf.org <lake@ietf.org>
Subject: Re: [Lake] EDHOC live debugging

John,

That is a good point, thank you. I've done a little prototyping on this and will have some detail to present at IETF 122 if my time slot is approved. I've also sent out some questions to TLS WG about potential use of the SSLKEYLOGFILE format and/or label registry for EDHOC secrets.

Brian S.

On Thu, Feb 20, 2025 at 10:36 AM John Mattsson <john.mattsson@ericsson.com> wrote:

Hi Brian,

> EDHOC already includes a C_I which can be assumed unique under specific conditions as an analog to the keylog "client_random" correlator.

The analog to 'client_random' would be G_X. C_I would be a bad choice for this, as the client can reuse it as soon as the old connection is no longer needed.

John

From: Brian Sipos <brian.sipos+ietf@gmail.com>
Date: Thursday, 20 February 2025 at 16:19
To: lake@ietf.org <lake@ietf.org>
Subject: [Lake] EDHOC live debugging

WG,

Is there any general interest to enable the same type of live or offline traffic inspection and protocol debugging for EDHOC as currently enabled with TLS and DTLS using the SSLKEYLOGFILE secret storage technique [1]? EDHOC already includes a C_I which can be assumed unique under specific conditions as an analog to the keylog "client_random" correlator.

The internal key schedule for EDHOC is more complex than [D]TLS, but some simplifying assumptions about which messages are available to decode would narrow down the minimum need for EDHOC shared secrets. I think using a file-based input to diagnostic tools is more hands-off and automate-able than using manual export/entry of secret fields such as what is used for IKEv2 in Wireshark [2].

Any thoughts on or support of this idea?

Brian S.

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/
[2] https://www.wireshark.org/docs/wsug_html_chunked/ChIKEv2DecryptionSection.html
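Added example for the keylog discussion above; this is not code from the thread, from draft-ietf-tls-keylogfile, from Wireshark, or from any EDHOC implementation. It reads and writes the three-field keylog line format (`<label> <correlator-hex> <secret-hex>`, one entry per line, `#` comments) and indexes secrets by (label, correlator), which is what a decoder would do to find the secret for a captured session. The label `EDHOC_PRK_2E` is a hypothetical name (no EDHOC keylog label registry exists); the two sessions, their G_X values and PRK values are constructed placeholders, not real curve points or real EDHOC secrets. The constructed data models the case John raises: the Initiator reuses C_I for a second session once the first one is done, so an index keyed by C_I collides while one keyed by the fresh ephemeral G_X does not.

```python
"""Keylog-file reader/writer adapted to an EDHOC-style correlator (added example)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class KeylogEntry:
    label: str
    correlator: bytes
    secret: bytes


# Hypothetical label for the PRK that keys message_2 (PRK_2e in RFC 9528).
LABEL_PRK_2E = "EDHOC_PRK_2E"

# Two constructed sessions from the same Initiator.  C_I = 0x0a is reused for
# the second session after the first one has finished; G_X is fresh per session.
# Byte values are placeholders, not real X25519 points or real PRKs.
SESSION_A = {"c_i": bytes([0x0A]), "g_x": bytes.fromhex("a1" * 32), "prk_2e": bytes.fromhex("01" * 32)}
SESSION_B = {"c_i": bytes([0x0A]), "g_x": bytes.fromhex("b2" * 32), "prk_2e": bytes.fromhex("02" * 32)}


def format_entry(label: str, correlator: bytes, secret: bytes) -> str:
    """Render one keylog line; labels are whitespace-free ASCII tokens."""
    if not label or not label.isascii() or any(ch.isspace() for ch in label):
        raise ValueError(f"invalid label {label!r}")
    if not correlator or not secret:
        raise ValueError("correlator and secret must be non-empty")
    return f"{label} {correlator.hex()} {secret.hex()}"


def is_valid_line(line: str) -> bool:
    """True for a blank/comment line or a well-formed three-field entry."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return True
    parts = stripped.split()
    if len(parts) != 3:
        return False
    try:
        corr = bytes.fromhex(parts[1])
        secret = bytes.fromhex(parts[2])
    except ValueError:
        return False
    return bool(corr) and bool(secret)


def parse_keylog(text: str) -> list[KeylogEntry]:
    """Parse a keylog body; malformed lines are rejected with their line number."""
    entries: list[KeylogEntry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not is_valid_line(raw):
            raise ValueError(f"line {lineno}: malformed keylog entry")
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        label, corr_hex, secret_hex = stripped.split()
        entries.append(KeylogEntry(label, bytes.fromhex(corr_hex), bytes.fromhex(secret_hex)))
    return entries


def build_index(entries: list[KeylogEntry]):
    """Index secrets by (label, correlator).

    A collision is the same key carrying a different secret: a decoder would
    then apply the wrong secret to one of the sessions.  First entry wins.
    """
    index: dict[tuple[str, bytes], bytes] = {}
    collisions: list[tuple[str, bytes]] = []
    for entry in entries:
        key = (entry.label, entry.correlator)
        if key in index:
            if index[key] != entry.secret and key not in collisions:
                collisions.append(key)
            continue
        index[key] = entry.secret
    return index, collisions


def lookup(index: dict, label: str, correlator: bytes) -> bytes | None:
    """Return the secret a decoder would use for this label/correlator, if any."""
    return index.get((label, correlator))


def keylog_for(sessions: list[dict], correlator_field: str) -> str:
    """Write one PRK_2e entry per session, correlated by 'c_i' or 'g_x'."""
    return "".join(
        format_entry(LABEL_PRK_2E, s[correlator_field], s["prk_2e"]) + "\n" for s in sessions
    )


def collisions_for(correlator_field: str) -> list[tuple[str, bytes]]:
    """Collisions seen when both constructed sessions are keyed by the given field."""
    _, collisions = build_index(parse_keylog(keylog_for([SESSION_A, SESSION_B], correlator_field)))
    return collisions


if __name__ == "__main__":
    print("collisions keyed by C_I:", collisions_for("c_i"))  # one collision
    print("collisions keyed by G_X:", collisions_for("g_x"))  # none
```

Keying the index on the Initiator's ephemeral public key is what makes the lookup unambiguous across sessions, because a fresh G_X is generated per EDHOC session while the connection identifier C_I may be reused once the earlier session is no longer needed; any real decoder would also have to derive the message keys from the logged PRK and the transcript hash, which this example does not do.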