IETF Logo Mail Archive

[Lake] Re: EDHOC prototyping and feedback

John Mattsson <john.mattsson@ericsson.com> Wed, 12 February 2025 09:27 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A201BC19ECB6 for <lake@ietfa.amsl.com>; Wed, 12 Feb 2025 01:27:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.251
X-Spam-Level:
X-Spam-Status: No, score=-2.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id coBbSyUJNzbS for <lake@ietfa.amsl.com>; Wed, 12 Feb 2025 01:27:55 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2051.outbound.protection.outlook.com [40.107.20.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A6ACC151077 for <lake@ietf.org>; Wed, 12 Feb 2025 01:27:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DNyRSf7SmxJwnniBCGHV8x0ujvA1yGdtrMEX13tceV+ZIjBt+u5trDSrNYwVVnlBPfDSbKDW8UFDuDS84q1GKgu4adCGyHw9WvLMtQ0+PdbQukS8uKS9i6FMtUWw6X+H1FQRA/yTGAQGhfTWPg3CQNjAS9Wms+noL+5R11YJPMNI5MF0sLp6YEBJ/YC8tKG3Ut3JjbqL3MnmMTNP6ZQzGhYBMkS8jaEMeYLy0tRnqndWZlBqKUlx453nGPgeJFLlk4zBEn/VvwXqCma+rSXUQsVvV2EXgGsLLIXNaTrWSAlSDuPZUapvZoYmJSw5DBCw4c5mK/4FHFw/u2A2Vpd2kQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8ahEcMexDHGBoCXOavFMVjzrFphcaOiq6He8JxcAWcg=; b=xoeMPiQ8ci6weJ414sDZrYE/f5TqkgDNXjo/llNWvzZlzoa2+y+6B+XAiQw0P61MGalgcdVpod6BsM9xoGf3T89NuSvzCKF0Tdih0E8ZLbizNwie9EoNxUjGtm02VuZmFrcpUHdJhDzHk9tVUz7MKiVmTaVLasYZ+Vk7DHq5iM37zvcSs04/mDS7Zy6vBSNXbfDK9Bnev7H8q27b/GGV8zsgGRhVI9iELSkh8E7AAugiQgWFav5nMv7dIQkxM7psfG+jpPvk23B5Q7F3NAImXriLlaHg3zsWMcBUsBQulxzFHUYeAgGCg8837le52VBI7ifqFO8gR2q1NJ1/nVGTVQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8ahEcMexDHGBoCXOavFMVjzrFphcaOiq6He8JxcAWcg=; b=Tecg0ZigYQ0CyMqXMKpkR0cC6qqg82k48Iar7F640VQvGsjafk5AolOpY+VXYIslMObf4fGM9GWb3MBREbt2SfvGAZ14vVBRPXjoiLgFQYHR/R6eqD3EmnWAbH59+Y8XNN/tOEWlEXV5zsW5SQQn9ispy27JOK4RTzE26f5Gs9kh+RvcAk71MI72UXQ6Zd3j/pWZF8eXYYObGaCIyC47TUliywjgZ+mbPpOLOh39IaBd1LJ+92C/B1Md2wFOH/p/eweXAkwYwJUhQHRAYci6LgXLn59MOohprPXVOgSv7O/6t2A9bua8QGpUNOf0YiOKpvKEBX/+FK5g1bgpKfqlPg==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by AM8PR07MB8107.eurprd07.prod.outlook.com (2603:10a6:20b:36e::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8422.23; Wed, 12 Feb 2025 09:27:50 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%6]) with mapi id 15.20.8445.011; Wed, 12 Feb 2025 09:27:50 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Brian Sipos <brian.sipos@gmail.com>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] EDHOC prototyping and feedback
Thread-Index: AQHbfDS4Yl0hDLnTTk2xy2B8gPTVKbNDZvHy
Date: Wed, 12 Feb 2025 09:27:50 +0000
Message-ID: <GVXPR07MB9678A81F66ACCF35F8BF0C4B89FC2@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <CAM1+-giJ-Hy1dezh1t2hchywEwmiwHZtcc5M=qaOavy9mmPT4Q@mail.gmail.com>
In-Reply-To: <CAM1+-giJ-Hy1dezh1t2hchywEwmiwHZtcc5M=qaOavy9mmPT4Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|AM8PR07MB8107:EE_
x-ms-office365-filtering-correlation-id: b1ca3e33-ceb4-4fd9-05d9-08dd4b478524
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|38070700018|8096899003|7053199007;
x-microsoft-antispam-message-info: bmViFR4BB5Mn8PUZxD5OV1V7CjuYWMccXZs317adAGPLivycnMwsYUZPZ12Q6WRz7QJS36B3YLhF6do/fniKn2Uzj/AnR4+lFkab/Uq1J73kWJy4WpSII3lYQtoYRDeA9f/v44cdv6TkbfROOViHzOm03ODDQAiDfyXlEGxC0UJOmszHbbiqmXQ5qX+vXTLt3P94+p25ufZtacwIgqX4VLeDq/n7rnw8bRsC7sZTmnfTXBQvIwsZevvqz7e7RXoJUOxYVRuoEmS3erTJ3hPOpEO5Uy103zhaBTkrRo+RAQ02BN6p6RW0iTtjAmjJooviNWzsvFEkB59OqilesemSFiCxEA/DLrCfzjquu5BB1OJd0femJtAEH1Hk55zmvDSoMu1sm2x1VIfXQHQJywxZw0cd/uKtlUIKDQnmuLrrc7s39/eNqK864MoZhI7cTPYKk4Gv7OIHmPk/ci5eiw4ZWm4io6uLu0u84Pti3fCJAbibwCJ4vDQuGug75mIKipoQ0SnCi5I0i6w5zxAvU9T9BHUakOLCpoAPZXP7pCFK6iiO1YAiwFSCx17ysLENy3t4GzL3YgiGTHWjxQtFcnAQ8Rh1DZfTonY7HJt3zblM+yebnpEEc/17POlWuUBTayqQFIvwd9TEw6nVhkK4vyH3tAU0zvU42KIGT6NtbGWmzBkWBF1Okqx0yKAfa8BQJ98/URzmUxF4J7ZlvpGz7tfyWGMnZRpkZfQAC0XYNcgWnxcyXSJXm1CglN1DiLjmZuVb3YaU5fk3rw/qbqGc5oe7/lXqtNPexhXugNyOhBi4XwK5tFhqXXPVZIiqB4SeDC1rsC78izqOUwZ3K1uJ6x1hfxM73PqcGsp/2zQz7tXcDwgFir+FICJCLv0fqnVRdV4hxjR2ihh2ANxoHS3rd+yS9TJv7p/lt3Ff3e2ElQOiMas9s4VmOin3J2kU8jj8jTHg8R5tDohAi9HZAe7aCn+4680+gOwQslRiZK1KSJg8MC6ikfGN/SSOB5ZiDppsfSPGZgbhR7yyzV1q0m5uDO9pz6ANE83FPcFDGNFQi+XVLqKmPC1PqQrgIHayRD8apsIRSkWFWUILigx5YAg8bopDBLWTyJD9kA/OzXxMfk8gMFIHNq9aYh/8xAcTX9E4QelM4s9mGeko+W2RnyPmmjHH9d+uxm9TuaZXE5dpo8XZqM7mok2mQBePYCUebeoOEYj461jg38nHlL3HtaWh8PM5LV2BOOVy+KYHdZEy2+MIRXwFhI/vTTxbkynGElpQ0+VsZsl1eBplv2FWvd/yKGhrXBYXXIGe178ozT0eQQQtSxZesWxiRcOOENuNWag6aXMqcACiTxepHhPLndPNumMMAR3ZKLvFKl10EbtjxN6iSYpkOqW2L5ieFTISGqaZLjTbp9iy2bD8k0ViFqWkZgkG1kBsnd8cfnuOq8o4W9jY0XGmEv3018YizLQxQZrPP0sM
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700018)(8096899003)(7053199007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: DCO3l32B4gq/GzatwdWWQea91+4g7OMvnM9HpQHaWhWk+s7UG5w0vSqGRbBz14M086P1/+xJnaoF14upDT7muYO1rMAha+zzqJOm/oKC58qY1ur2dzkS8EX+MBklli3cwINoipDbOO1VRUAomSnZsHxKl/YJKcLnpjsJzuBOTmwIuU60DfDz4yFb0pzd7zeJHPUprjm/lM8SQsB6Uh18WKoiaxZ+JLKATlm0vIIlEXRWsO5FKKgS5XwWo9KXDvgkkK+9WqUFmH8mGmQVjmDtZSFnQHfEfO6rgAXZjJaN1kWG4oM4+A5l+cSrRwCeinyKcgrqy/euC31FMAt5oZsGo8NVTSVjjfX8oqyfkqREn6sLyz8J1Mozqh2qf6sQg0u1VBL7dhO4CUYF57NfTbVJ64QWWgtrw/TFGsLtJJS59qwsNlcqCy3QJFmnELMX4M2NARIf6Jsv+/HqUnb6nt5Z0swor+/nFFcy/IIUY+EcKakbXOY1nPEyDgrwJ8dMnCpd4+VaS8kaaFbVhkdDrpW8p21IMx+aZMF3j9zqQO7NhQgMwJYq/D+Iw+xqVn5HREyEoOUQV9k8HRGpsHb6O7tBGcXPlgMBSNZoTJIhNjDzNuRx0kOeI0MOWeIjrfQwFlvegS2X7DqY4vOK4Ar5Sb6o4KCISSnlgwUlr0Opk24bw7FngDThplXrC5kD2UNq9V5I3ehX4OJap8QxcgqwKbSc6GIPLlytCCCld1R9e/1WN/l9RHgFh5YQEmiaEjHXp4+M3yghRa5sBPN8FLrOzDu8bYExUoil9GebIztTIKdfQIuTD5AkJZ0c8DahEf+S4iH4UMDKZy2WHrxlcOdEw9WRZ1CyFVKYbUM5BbtC4ZP3ksocZDIuM9WS+e+A6L6ozj7jyZfTpw5fAOw7UpPbHOOZspwSHJUHcdLO6ac3AsjZ+oBm9R26canAZjnNGM0g/OLBTAsD9G0CEcss0NBGFYEcESAjUr50TzxO7nikXB5qJp/wC6nHHB+8l7BIhP11J5gy2KQBaXhMkgj630Wjom1IJ1QmXaOuetvZG2XbWisrAQNeRC3I4SElMw3cdXnKrg/u4eDVt2Ymf+mCgy/RhhiUV3g65m9mfe+/wXUOw92kP/w9XFCYYdFY9FKt0rUY939+vZpRBbvgxTxmR7oyNhbTHYbP3F8igN9n5eTxu3YBxo9bfp9N29dbayJg28J2NUiFBjt1EPEFoUtKX1lKifxld00UOz0m8lb/XJ/q8Ixdyr4V2H2FXINA2YoMPmkqIouuEMQim0/dxP1JdBuy/fHEODl9bmV6d+IqKk0wasNTvglyuctzOyZ8qvAkxtNpDC0SdxsunIhC7qkkk84wKbllQiWzCt01uv5AoHE2C1CLdHAF2kIpOoxh2XLWdhOAD4a3lz4TnBPUpuLrD1WeHB9wLbw78D4WwL4VO8TUTfROZ7tM+PsztWR4z0rHfBGi8JI/SpNh+5Ez5zYqN6iGLQjh8NtpJEaj9ghJdpu7GLqxQ7GRG6fZdwJazWR9/NF/qUCgd6HMfoWt/1YUh7LVykb4hEg4jQ5YXyDc4ea0bE8n8oEUvoA4wkXT3Ns3DZUJz135CkSt59YOArB65jZVxU/qccCAW48LYJe+HXToRa8aV9w=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678A81F66ACCF35F8BF0C4B89FC2GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b1ca3e33-ceb4-4fd9-05d9-08dd4b478524
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2025 09:27:50.4672 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: uA+MNmHLOh1+yRYv7bFV/1Trzi9z+CrMAFLYYC+PrFmRyRJi+VCkMOT6iGlKxSqYH+yTw5dzLY10HO/pc6z3If7M6DNa0P7bF/0jTvm7nRo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR07MB8107
Message-ID-Hash: ZLOGYTXXLBDLRTVU2GKJ2Z7MT6KVO57B
X-Message-ID-Hash: ZLOGYTXXLBDLRTVU2GKJ2Z7MT6KVO57B
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Lake] Re: EDHOC prototyping and feedback
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/hV-rTz2LXX5nZRI1hmJPOqiYLm0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>

>One additional embedding design question I have: is there any technical >benefit or drawback from registering more than one exporter label, as the >OSCORE use does, vs simply use a single label with unique context data?

Security wise they are the same. If you use the same export label, you might want to specify a context format. As an example all TLS-based EAP methods use the same TLS exporter labels and then use the EAP type as context. You could have done this with a single exporter label and context = (type, key).

John

From: Brian Sipos <brian.sipos@gmail.com>
Date: Tuesday, 11 February 2025 at 04:26
To: lake@ietf.org <lake@ietf.org>
Subject: [Lake] EDHOC prototyping and feedback
LAKE WG,
I've gone through a trial implementation of EDHOC from RFC 9528 and overall find the definitions in the spec are clear and understandable. The detailed traces from RFC 9529 are also helpful to verify not just self-consistency (being able to establish a session with my own implementation) but absolute correctness against the test states.

During testing I ran into only two intermediate states which were not composed as I had expected from just reading RFC 9528, and the differences were subtle. I think at least one of these represents an errata against the spec as written.

  1.  The composition of PLAINTEXT_2 in section 5.3.2 is defined as a CBOR sequence and the notation used in the ciphertext definition of "PLAINTEXT_2 XOR KEYSTREAM_2" implies that the PLAINTEXT_2 is treated here as a byte string, but when used later in Section 5.4.2 for the transcript hash "H(TH_2, PLAINTEXT_2, CRED_R)" the transcript-being-hashed uses PLAINTEXT_2 not as a byte string value (with a bstr head) but as the sequence itself. I don't think any of the text for either uses is wrong, just apparently unclear enough that my first attempt did treat PLAINTEXT_2 as a bstr item for the transcript hash.
  2.  The compressed encoding of ID_CRED_x used in PLAINTEXT_2 and PLAINTEXT_3, where a KID-only map is compressed to just the KID value, is apparently not used in the construction of internal MAC context_2 and context_3 data. This is not explicitly mentioned either in Section 5.3.2 or 5.4.2 respectively, and I think this does deserve an explicit mention in the spec that the context-encoded ID_CRED_x are different bytes than the plaintext-encoded form of the same structure. This is especially true since it appears that the C_x values do get compressed encoding for the context_x values, so there is some inconsistency. Not to say the spec or traces show incorrect behavior, just that the encoding details deserve explicit discussion in the spec.
Overall I think the function of EDHOC is quite well designed, especially the extensibility via EAD values and the PRK exporter interface. One additional embedding design question I have: is there any technical benefit or drawback from registering more than one exporter label, as the OSCORE use does, vs simply use a single label with unique context data?

Thanks for any and all feedback,
Brian S.

v2.31.3 | Report a Bug | By Email | System Status