IETF Logo Mail Archive

Re: [Lake] WGLC for draft-ietf-lake-reqs-01

Christopher Wood <caw@heapingbits.net> Thu, 19 March 2020 16:47 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E1E43A0951 for <lake@ietfa.amsl.com>; Thu, 19 Mar 2020 09:47:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.09
X-Spam-Level:
X-Spam-Status: No, score=-2.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=quNHN6uE; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JOEfFZep
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r3bwrZqEuq5Q for <lake@ietfa.amsl.com>; Thu, 19 Mar 2020 09:47:18 -0700 (PDT)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 797713A0962 for <lake@ietf.org>; Thu, 19 Mar 2020 09:47:13 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id A211193E for <lake@ietf.org>; Thu, 19 Mar 2020 12:47:12 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Thu, 19 Mar 2020 12:47:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=WNmH3 pB4usRnRzVxKxh195A3hlikbg9F7nGB+QnX7qk=; b=quNHN6uESRm6JqE1l6jgy yzom8rwc2yvO23dlOAxWK9noSwabDn9FW5NO1I9dWoLPdNGHqRTpP6AIt0bu8JtN h+Lg9qtnmnY6NXiEZzsO9WYKyn4vn7UeD8/r7ypNiKk+vHA4n/Xbk25yXe7/iqv2 vqjFlUejUlBsObvFbvef/WkWGwU76Hr+mkgbli6Prh8EPGvYY9mL9xGj3cuazD9U Pt66vsZW6PB98n81Uz1ThOJ1+RJIZad8a4zHdZwIGuPYjY+9uNmmjxoqICQwYbIl M0DDftrG42uLGHNe+cRMw+PNxdU6mz/KfaGcYTQPPHPpNi3cr6KrLjKNUY5JVU8M w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=WNmH3pB4usRnRzVxKxh195A3hlikbg9F7nGB+QnX7 qk=; b=JOEfFZepUC5Y5enfDdAn5Eth2AIuE2GbT0eGluGbJvGjJab8nf8f/+Z65 xCRCnc0M86AjRzDMkXT5/PxT8t0qDCy1c4fxZS1ekRMTvSNewDy26aY0cvbr6xXB RHf5MhuojRCRDeQG45XFguMu5+QbxqD0dKBzFK/5Sr0Pl+lKCnq7AMFz6j8SA895 F9js5q+ObhAVDNhRj5qJhWYj72z8hGyyk8oGocq5Ln0jwJasGbSnDKjBE84LGcce Cm6gwPzOYX297Pq0Wwa15skf5XTiu+lLuQOjV26/1oHaPgeVp9nWG5Mt6S0uRtGA fnUizuH6NqteZCEAwN3JvxVJ49i0Q==
X-ME-Sender: <xms:EKJzXuGmwj9xMTNgI0kA9kliuIqAMmbeFuPnO7vKxzp1Xn1opeFhxQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudefledgleefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggr fieshhgvrghpihhnghgsihhtshdrnhgvtheqnecuffhomhgrihhnpehivghtfhdrohhrgh enucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgif sehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:EKJzXik8uTHRFPFALd2nt1fpUo33qAwbvMvvSg4fcxa41OT-q4I8ww> <xmx:EKJzXhn3gYT8YzUYIILIKTZhDBfwKg93L28jQhJmLwu9O5u5Jv6MjA> <xmx:EKJzXjsnxBLHlbUFI8cgHtwOgd17gWPAOYE6lAdsrtiA7I4c39sEog> <xmx:EKJzXuz9TZp0Z5znZ2heLJsl420X_6AUZ_xdEXMPcc5vVGCTQKs-pA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id ECBD43C00A1; Thu, 19 Mar 2020 12:47:11 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1
Mime-Version: 1.0
Message-Id: <c00cfe1a-db73-4d09-b03e-d9e290c05642@www.fastmail.com>
In-Reply-To: <191b7e3c-4453-a60c-7d5d-07a051e8b85e@cs.tcd.ie>
References: <b7c084b0-8489-5c05-046d-33aa70c85b94@cs.tcd.ie> <191b7e3c-4453-a60c-7d5d-07a051e8b85e@cs.tcd.ie>
Date: Thu, 19 Mar 2020 09:46:49 -0700
From: Christopher Wood <caw@heapingbits.net>
To: lake@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/i4MhSJ0SuXlxZP7d9j_0C25qAbw>
Subject: Re: [Lake] WGLC for draft-ietf-lake-reqs-01
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 16:47:26 -0000

Thanks to the authors for compiling this list of requirements. I think the
document is in good enough shape to move forward in LAKE. I have some clarifying
questions and comments, which I list below. I hope they're helpful.

Best,
Chris

~~~

Section 2.1:

   Furthermore, there is no assumption of
   dependence between CoAP client/server and AKE initiator/responder
   roles, and an OSCORE context may be used with CoAP client and server
   roles interchanged as is done, for example, in [LwM2M].

Does this imply that a single OSCORE context, which I assume (maybe incorrectly)
has credentials configured, may be used in both initiator and responder roles?
If so, should we be mindful of Selfie-style issues? (It's referenced later, so 
perhaps not.)

Section 2.2:

   The security of these
   systems can be improved by adding PFS through an AKE authenticated by
   the provisioned PSK.

Is it worth mentioning the hash-based ratchet technique for improving forward 
secrecy as an alternate?

   In order to allow for these different schemes, the AKE must support
   PSK- (shared between two nodes), RPK- and certificate-based
   authentication.

2.3: 

   Moreover, it shall be possible for the receiving endpoint to detect a
   replayed AKE message.

Why is this in the mutual authentication requirements section, and why does it
need to be a requirement on the AKE? Would it be better to require that replays
do no affect the security of other AKE sessions?

2.4: 

   The AKE shall provide a mechanism to use the output of one handshake
   to optimize future handshakes, e.g., by generating keying material
   which can be used to authenticate a future handshake, thus avoiding
   the need for public key authentication in that handshake.

Do we need to constrain how (often) endpoints use this state for future 
connections?

2.5: 

   PAKE and post-quantum key exchange is out of
   scope, but may be supported in a later version.

Hybrid variants likely don't make sense for LAKE deployment scenarios. However, 
it's unclear if the AKE shall allow hybrid KEX algorithms. (Perhaps this might 
be mentioned in Section 2.8 instead?)

2.6: 

   In the case of public key identities, the AKE is required to protect
   the identity of one of the peers against active attackers and the
   identity of the other peer against passive attackers.

Should we be more precise with respect to which role (initiator or responder)
has passive or active protection? SIGMA-I and SIGMA-R differ in this respect,
at the cost of an additional flight, so it's probably worth clarifying.

On Thu, Mar 19, 2020, at 9:05 AM, Stephen Farrell wrote:
> 
> Ping! Today's the deadline day for this. Please do try
> get your comments in on time.
> 
> While this hasn't been controversial in the WG, I would
> like to see more comment as there hasn't been enough to
> determine if we have consensus to proceed. So some more
> mails saying you've read this version and are ok with it
> would be good if that's the case. Or if not, why not.
> 
> Thanks,
> S.
> 
> On 21/02/2020 15:32, Stephen Farrell wrote:
> > 
> > Hi all,
> > 
> > The authors have asked to start a WGLC for the requirements
> > document. [1] This mail is to start that. The deadline for
> > comments is March 19th in order to give the authors time to
> > prepare for discussion at the upcoming IETF meeting. Since
> > my co-chair Mališa is a co-author of this draft, I'll be
> > the one calling consensus on the WGLC. (If that gets tricky,
> > I'll likely ask for help from our AD.)
> > 
> > If you can, it'd be great to get comments in the next week,
> > to give the authors a chance to publish an update before
> > the March 9th I-D cutoff, should they think that'll help
> > us get done.
> > 
> > If you think this is ready, sending a comment to that
> > effect is fine. If you think it's not ready, you do need
> > to say why and ideally suggest changes that'd, in your
> > opinion, make it ready.
> > 
> > As a reminder - our charter calls for us to park this draft
> > after WGLC has successfully completed, and we'll not be
> > sending this on for publication as an RFC at this time. So
> > please try keep the focus of your comments on the meat of
> > the content rather than on crossing all the i's and dotting
> > all the t's:-)
> > 
> > Thanks,
> > Stephen.
> > 
> > PS: I'll send my own comments (with no hats) in a separate
> > mail shortly.
> > 
> > [1] https://tools.ietf.org/html/draft-ietf-lake-reqs-01
> > 
> > 
> 
> -- 
> Lake mailing list
> Lake@ietf.org
> https://www.ietf.org/mailman/listinfo/lake
> 
> Attachments:
> * 0x5AB2FAF17B172BEA.asc
> * signature.asc

v2.23.0 | Report a Bug | By Email