Re: [Lake] Ways forward on MTI cipher suite text

John Mattsson <john.mattsson@ericsson.com> Wed, 26 January 2022 07:04 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1223A2806 for <lake@ietfa.amsl.com>; Tue, 25 Jan 2022 23:04:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.675
X-Spam-Level:
X-Spam-Status: No, score=-2.675 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BaxVkd7W6k4k for <lake@ietfa.amsl.com>; Tue, 25 Jan 2022 23:04:21 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130050.outbound.protection.outlook.com [40.107.13.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D5FD3A2803 for <lake@ietf.org>; Tue, 25 Jan 2022 23:04:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NlzDK+VwFRhpa4jEOAU5GhiIzt8pbTtlxGpnAa6WKU9wmCIoeHNpAF9ufXk9YLCy6Ng9sbNie3re8senhQ0T9vu7DS3A1CKwOcXt+xNg1lL/4dUDPTVofXz/G8UX2vT1sV/CS1DNTqTMTi4kGOEsUl6UecS88SirEdwGvZVM2CHlFj67whb78dZ7EOh8N0hzcIe4YL3deShUZ7emfqjw327hstN5cPrBNuIQvQWAmnKUNOXoZ4vJ7NncCZPYCQj6hNGFhCOF68dB8rcfl+vMBPweMVl5KUBADOU66ST3pggtUWYU++D7QP5ruiWw+bCXE4mtSD7lAQ9gnrYXOeL4bg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CBp/VtKS98UGU1FOn0SccdcDOfFDD2IMtPEW4v1dSmM=; b=bdLsDMoTpIcSDniJueqY0cfMz7YpgEoHe27+RqcVtHCPDVshr90jYVqOCoPMrUf0ES/ODY6zepc6KdtHghFyhzzwY533iqn1TwB2vskwEgWLX/OoZJ3pmHzzlgUxAwdiqxoiibjlcrjT/JzeJLqEO+ioLU199EbQhD9I8LLl86OZPH9M/K9G1qexBZ8OTjEE/iyg3a2v+fAZUOLe1CEEwnu8QQ0EjJTPxuhtWh0tg6TvR0Lp9s1EOEPPKfI0FoWxL5ns62iiG81OGVfB4Fnz3luPVj3VLu0PEBUaZYhfjwNYYrJpCCYNNY0F+yWPk3pAdyrTvluzsUcaJ+dIM66fyg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CBp/VtKS98UGU1FOn0SccdcDOfFDD2IMtPEW4v1dSmM=; b=kTGcfLLC1ESNteXj/4QYL9RbErTo6M2SFO2wMDlckW3zYs8aBV+qVYzhCJ3h+m3GSuSUy5kpblhxtXMqTtmNvAbsTmYO/ex2SnUBscuzrcAezKwZwxWJfYJrOIJ3+UEi08jbP2xSGFxkPpxh9e+HWnWIP1dRs31VuOfnigM+3Xw=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by AM0PR07MB5521.eurprd07.prod.outlook.com (2603:10a6:208:106::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.5; Wed, 26 Jan 2022 07:04:17 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::ec63:344f:ebbc:a251]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::ec63:344f:ebbc:a251%10]) with mapi id 15.20.4930.015; Wed, 26 Jan 2022 07:04:17 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh+3etYVtTz/9UintzI3aLxfhqx05Gft
Date: Wed, 26 Jan 2022 07:04:17 +0000
Message-ID: <HE1PR0701MB30505089ECEB11415901D15789209@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr>
In-Reply-To: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5c9e1875-3034-4914-62e0-08d9e09a1198
x-ms-traffictypediagnostic: AM0PR07MB5521:EE_
x-microsoft-antispam-prvs: <AM0PR07MB55215D748A8C73F0B670E16489209@AM0PR07MB5521.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: cZSEXp8lRcOq2VvtcuCLbYTreJSJg56sEJTKiMCVh5N8h9GiiET27YGYuYmNCOGZQndKf/RizyadG7N8Eu46R5+2Kn2uqAl1ZTo+o3wnJaz0sTfdkxxNg2oGsUg66EBtuFgCPxMoP328TY9XgSJOtGlufq0eNuK++lbz2c0/6skEEgx2wkGKiez7xAxhNzuLsHjaPa/l1ch3/3nv2AIVmu0B4Y9Z5DvD+YuWCw+VhPhjMj838V+pzLlWxb+vFwXyTikURPl0y6MZfsmRZQElXn1Z9lXra3c+cwVQ0AFwEK02EteJqE4YURnHcP74WmdYLkg3kFKnfYKVnn/5cVVQg2TwTH5fcy7qT6KQ2h/dud1/u4nf0LQcIRMm2pFknnA6fWUYQDYJqbdwfWCpYHuLnBhFINkjWPi5i78nO2mdb6J8S9Yp6d2yL2qpp9BekkREQUJtY76RO1g6wQXwuhhFFoIrtMFwHu1Vv2nwrDmIIdhDnkpvCbO5zIgtup/MofBToAEgBmFzdljxC9oJUNPMhodf8XO1BMZg/MF2YqJwUL/ZtLloiroZAZ6LOj2LtQenAvzQ9Hzb1JEcJfm5HzbspjqEM7rufVAIAq20TSEqHx/LTgK3jqPwypGmDl51r7/pPKm9XzcnyuGVwO+2uhKcIhujHWxzp3hkj+RAssgwR8ET/Lai6U6Y2PgLzD9N08+coxa/lbnhEQUkYJkEGW1AAudDTKwfccLSdk8uzNQGyTd0pHZ01utb6rcAaM109kN0Ie9bV5V6MgiuS8V7mHvYUsxcFP9xgAmF2yjHXAbqEi0UH94Q2x4htX7P92h0TLSnm16DMAk1bHu0DAXnFNlz2kBwdr9ZcvDW1S8T1pHiQF3gjmLqw65L7YC79Au1+HaH
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(55016003)(966005)(8676002)(33656002)(66946007)(66446008)(508600001)(316002)(9686003)(76116006)(66556008)(64756008)(66476007)(53546011)(71200400001)(7696005)(6506007)(6916009)(8936002)(5660300002)(52536014)(83380400001)(44832011)(66574015)(86362001)(38070700005)(166002)(122000001)(186003)(26005)(2906002)(82960400001)(38100700002)(20210929001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: dgXsp9m5ZmzJJGYbE6dJLKtdIbbZgfG0KGZZ+5HJr7FPachoCl+Ju0aZOLZtA+utSb/lTQArZGsIf8LV37hukUD5tc3KOhSOOQCZhisbc9d5tD9z/oPmcujGbnEiqM67JO3A52l2IhaBN9ygDDDLZYqwqHJkgwGQp5TGkxw/Z2Hi/1JRIAtgJv3KAd65fryNO6gYlkXlQFq57Ko5Lr8fNv70DYWcENheN4kLpCVqZA/WCnVbCoVxGOafrIyIb2GzWjPVTwsjGqLgjHezyOx4V6htJlB/9x+Y3T+/JHYN84eeYHKfCF677adD/3eQyMTiDXJy4uwEiVkygSB/wYzn0ra74ZCwxThiOfZ4D+rUDYVAiOD/9zrxiBljRBAPKBEQ53aKnm08qCha91ULwdRlcApMtCHOom6qjukCdBjAXuqshODVEAHvAlmjSORKk4fflu+YHbrzOABTVSrTMCOEkkGV7AV2eHHFb9NFmoiFJwxyCgg/Fr/ab7YRgb0PPnCa/JqNhPDzYrFuaZ9U7T9iEOcMfwd8ojnBjvnw3b7IKj27lV+wp42OyMqG2WP4PPX2H93yzU1NGiPL/mCKtOSnwVltUfRKYGWMiXeijUvYkYrBh/NFeeUCBWkE9uyz8UlAIfTok7T81gpC2qyu2Z6S9M8pSOgtCcCHcnj/OX4odus8p167cTRthKqmQdMVDhy0zdeOzOF+dTM6ta36S5+mj0DUHNimWLcQtVf7kUhjR/PWfHrVxaqe0pDcsbdSeYFuJzcd4nXBF0DFDcFCQKcxPLgTP7DucXuAs+eQbNam8F712VzG8GmzNsAAJvDI9/Qto2OsJdGykGeIs+6c/xRbP3iev0NfkbBVMnfF7HIsv7QMXHzS5h8nCG77fuQlY0zcgW5gvWe0qJZTiZ4JjUBJpUVTCa5NtzuzRpyth6qQrn0mlrl871aS9iC0mNq6XJm87dCfEIQSKHoxiOrVWSXD176++kcnqVAX2DENnQ7GLbWW2nCKjJAVKzRPzgSYAPunu6voXV4H8flhcSBL/iskZdXs6fy8y1bv6tldkwHoaNIfDeGV6a6DQ7Uef7ZLVJUfkHgiV6/9ofSKYf7Ssyrrjk4NYpDAZdgd4dDZ8eOdOkb5cUFuRaPDZEaYqqVJDTrWQlZa7y4iTjhv9+w06x1gerM6jjoRMY+g0RlHllfELED60rlzrm2/rVSji1EEw4pYGKo0YQgmduWekDlef5v7gDp2VTZ2Xf2SYqld5QidS4G7dcoHxQH3uoKO+ns50c2uSRY196IvhGGbhTOon6b0SbeLCADOEs9h28OwyNzP+yneuo6YR2eFc4ML00KZvA9zsJ+Rt+KNuPjGe6Rj+/33Ubw5LXafO/H6pcAAdTXDNBH00eU5tVwak4DVBJmFv5yztHtr9QvqKwm8EFImrkvqDQIpaJsI884fZ3Mg+fOAdULC9OGd+NHD9hvr35Q6pClyngRQ8YKLbVKvREicwLnxRghwcXmJEYQSJ8nOBBwrXP669RA9er6M4E9xDgvtyXZhJkcD+n/b7uj9/fcYc9ULarIJfIv8AWfK/K7DFqNfaS1453qYFuPIZx4bBQIw/bY5BOHZHD29qAMIanh8A2TXttoje+c06QUzUxsFB34xD61xpQdG1Iltr8B1ZWtMPqyOggmz4yFOdKnZyRt3z525yVsDJFfwTjKJgok+999HrLk=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB30505089ECEB11415901D15789209HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5c9e1875-3034-4914-62e0-08d9e09a1198
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jan 2022 07:04:17.3170 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jq5hSfv/dRYZwFojxJ24uYU1vJ5etbZNYmLGQnXrUp5mjMct2oUzjJTVQMwtAvJ7CekikeJAsZC+zpm7S6R8e8SCpF4bUr2RvomFhM6VlVo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5521
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/efk2faoIp7ocV8jHLIYlmR6l6ww>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jan 2022 07:04:28 -0000

Hi,

I noticed to nobody has argued for EdDSA in the recent discussion. One potential way forward would maybe be to reformulate the current text without cipher suites 0 and 1. There has been several people expressing that they want the requirement to implement one or more cipher suite to be stronger. This would lead to Option 3 below.

- Option 3: Remove cipher suites 0 and 1 from the current text. Reformulate according to current discussion. Make implementation requirements for cipher suite 0 and 1 stronger for some types of implementations such as maybe less constrained devices, software libraries, non-closed deployments....

People typically have strong opinions on details. It is sometimes easier to agree on nothing. Option 4 below would align with what COSE is doing.

- Option 4: Just remove current text and replace it with nothing.

(I ignored the “2, 3, or 2 and 3” issue above, that also need to be discussed)

Cheers,
John


From: Lake <lake-bounces@ietf.org> on behalf of Mališa Vučinić <malisa.vucinic@inria.fr>
Date: Thursday, 20 January 2022 at 18:03
To: lake@ietf.org <lake@ietf.org>
Subject: [Lake] Ways forward on MTI cipher suite text
Dear all,

During the last LAKE interim meeting, we discussed the issue
of an MTI cipher suite and we agreed for the chairs to open a
thread on the subject. As a reminder, the previous discussion
points on this topic are summarized in github [1] and in
John’s mail dated 13 May 2021 [2].

We’d like to see if there is rough consensus in the WG on
this topic, at this moment in time. Knowing that the formal
analysis of the EDHOC-12 specification is under way, we
should keep in mind that additional input may arrive down the
road from teams working in the computational model.

As a reminder, the most recently discussed text for this
is in a PR [3] and states:

“For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.”

The options we see at this moment in time are:

Option 1: Keep current text as-is unless/until more feedback
is provided that motivates re-opening this issue
Option 2: Proceed with selecting a single MTI cipher suite

We'd like to know if the WG can live with Option 1. Note that
doesn't mean you think option 1 is perfect, just that it's
something with which you can live. If you prefer option 2 or
some other option please suggest specific text.

Mališa and Stephen

[1] https://github.com/lake-wg/edhoc/issues/22
[2] https://mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/
[3] https://github.com/lake-wg/edhoc/pull/225/files


--
Lake mailing list
Lake@ietf.org
https://www.ietf.org/mailman/listinfo/lake