Re: [Lake] [core] đź”” Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06
John Mattsson <john.mattsson@ericsson.com> Tue, 28 February 2023 11:57 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E89C5C151AE7; Tue, 28 Feb 2023 03:57:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n3WMzJD9YMxv; Tue, 28 Feb 2023 03:57:17 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2061a.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1a::61a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B88F9C1516E9; Tue, 28 Feb 2023 03:57:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g6JRtJXbwmQEyMTzvDTU2XTO5lRqmY5dJzAXabOFGlrbvm4phCUybffCIhU0YU6B5Ayq287dXv9RNTr7nqK28Z4rLKNabFJMy8S9Fc5J2MDtEjT1dVuMaYvJe1gZSZ7C/AHQFmgSW5K9+oivu6L8lNjiOa6sKRjQ77kq1tq+B/liQY5G7w8RQ/yZbDLznLihSMcIS2pWBrP9AxR1KLS7KcXQLa+0GQj9Uz8yT8H9O9/x6srDL7PCpyV8ReXvkCll29N6A2Fb937i1pPwa0dfdEDusv9zD0HHGsgWq02SS64lwIL4if+fQecpqzXBcZgPiiFqgC0GA/VS3YoL49v+Gw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Pz4Yn9IEp6Ye6fO0XzFq5EQBII2D8WeLVTgk3aZsBAU=; b=HSGw1swIDgfGVmOwZ7w6R6GbodrIRWTV2+x8of7EZ0KHGoD1W5G6JBYOhACtqZBXdX8jJc5uFX8cUQifk7Wa19HLYic4JJZs2qE/FN/YE9OhTeLzva41KE4EqtUOGQNw0MBnoJ9fxVsXbJ3FG6P9oGrO96//90zK8F2MyfYbGmHVUazuuTMcJ/uLKz10UMluVQjqp1HCrIo00VngbkepxjksYuLWkxOUFa3A27fQE6RdvLcQeUWaBee/Ci+EO5q55RYcZESFUY7ENkbN0xY43S2k5UPlDr0iiavRdkcplW0x002Bc5Chmz3NThie7NI9irT6DUThcWKwEqQAeZSqSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pz4Yn9IEp6Ye6fO0XzFq5EQBII2D8WeLVTgk3aZsBAU=; b=Tq4bxWOrs+5LUil28RG9G5QxP/IN/N4zzbejDhQrriZ0JjcskYBxSGaOMZZQTj67PO3TNngQByRpGzMrwx1cpb57Bo5DIhR9pkd9i/yA+JqlrotOSs/EIpxi1N82JEQ8hZKVwYhHiciGKGR7zX3knP/YxeAcdOLinims3+j1ZVU=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by AS8PR07MB7350.eurprd07.prod.outlook.com (2603:10a6:20b:2a1::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.30; Tue, 28 Feb 2023 11:57:12 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::916e:b205:36f6:6748]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::916e:b205:36f6:6748%3]) with mapi id 15.20.6134.030; Tue, 28 Feb 2023 11:57:12 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Carsten Bormann <cabo@tzi.org>, Christian AmsĂĽss <christian@amsuess.com>
CC: "core@ietf.org" <core@ietf.org>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] [core] đź”” Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06
Thread-Index: AQHZS2vKS8UGGZ4v/kCPxJhkwlJV+Q==
Date: Tue, 28 Feb 2023 11:57:12 +0000
Message-ID: <HE1PR0701MB30503D6232C3FCAA94C9327089AC9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <F02C5E48-A196-45EC-8576-6BC67EC26AD3@tzi.org> <Y+1b4qX6Ya7BCbvk@hephaistos.amsuess.com> <7A07B432-3DD7-4517-B22D-C5C58E9910E6@tzi.org> <HE1PR0701MB3050C70FC1FE5487A9F4D8A489A99@HE1PR0701MB3050.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB3050C70FC1FE5487A9F4D8A489A99@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: HE1PR0701MB3050:EE_|AS8PR07MB7350:EE_
x-ms-office365-filtering-correlation-id: 474229db-51b8-4e35-9a25-08db1982ed86
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: F6v3n6Jjc9u5CWzx9rucvKPWG2IYqipZha2ekGgRDUz+fs7X+dXM3V25/sHjRvV+71zvAtxO6/QDbeTHEzcsXD9f5a03DZzYYI+bTELAj9+jO/vI05CToMaoKmaFALfT8da7ZmqTjtxNG+BVlFt+HORa+yLfJMqvSiAEFVjATTF6JCtj/eVis6d9+91bYfGX3EoRz2OPNiZ5XtiGCMSCWL9EN65uCam9dUZmWtKWLoz6JAOWH5+tpy0C7MkRpMR8FajrhBJ2lyhAMDT3jtTMt5vUjUhEVpdktBi3pQ9D21loTBXtIcrZTj/BP/WYoInWZk88dCXquC+twmNxSeucQ2BxKZryuZM/VoLb0+kRoikUbe4zjrKse4Hpya5vew4yX1d90Je+r7MTA9EHJsLmCOsHFoAmcHXqipJcHLK07fs+H+MJoBH85GsBAaU+y4OKpGZh63+Sb+wV/jYl34piXjsJ1M0nu3sypnO3EBQ17iGN6wLYJmw13VZGceZozaBNkzckNBAY6PRRZ/xDY+DXigW/H8o8S9DIIXiDi3uJsd8uPaNahtKBLyn46EAZPG36hGNGLx1K7meGhe5+HRKfbHkA7Mzokh9jc520KUZoxCNcYgRvNhl8pzV8oU37I73rxwzz5DNWk4nv1geY+TDEFSTr98+UKJ+6ata9kAB9YR73E5brH6ZQnqhMDxReFmp0lJwB5eH3gYljrOK+XGPyy3rIhzNOMwwm8tY3cSeQwQc=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(346002)(396003)(376002)(366004)(136003)(39860400002)(451199018)(4326008)(38070700005)(82960400001)(166002)(38100700002)(122000001)(86362001)(41300700001)(7696005)(33656002)(8936002)(2906002)(66946007)(52536014)(5660300002)(55016003)(66556008)(66446008)(64756008)(44832011)(66476007)(76116006)(71200400001)(9686003)(53546011)(6506007)(186003)(26005)(66574015)(110136005)(83380400001)(478600001)(91956017)(316002)(966005)(54906003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: X+5B/52wbGlUQx/mrYtG2saum93t+CJuUMjhawpf8SHC7KLvu1kOUHFzDp8+Maju71feSFjgoutY9ipKV1OX4E7KvTcqNdUGTk375QAWZqDiF93QpUPYGYQKdUepVPEBbpobuV0t0DBHsbK/K+30PLZUsRcNT1b43zOULwp9IOfbhPb88F+XpL6QAk36MD4CwML63Gh0A1/9MvE5vDWfb0/mYCrLZ3f8lgdAtlWzS6eD6tw/dibfrueBTsq7fwCPqHtyA0CpTO6e5HzBW3EQQIp6/gchhaoUPp3RSRWu+hslp1BwrGZthr18dzj8A2Wyy1wEIzbhABx8BQHjMric1kbUcQ5I5nCqxjG22kf7W6GxZZl2UU3I91du/SodY68o6RWBzrSjHTusOSUca+IR9WU2f4epfemfGCWJz0nq8ZP9rCEw/CVGeI/Fp/1XUT17HVavp2LNXLl8A7h/gpA0bCbG2es/FdssFPvSWcDzz20SO8/wyY+QFylprxJqR3S7mZ/Mn0Hznn1SbaeKar1kW5oaAtv1vXmYXetScwAOzEmKZrI82JRJbnPQahJ+WETG+FgP07vcb47aMKw7x2ErhjA9mGy4KMD+AjI+D/jlh/qJL/wNMplXv6gucydAy5PxpDKSfSeMIX9l7GTCQEuDXiR0inNPtFMh0kTBRLzDV69HE6T1CXDfKjHLy6wLKvDQ3jeWiujPvUT3InzV+71Fovi12TNSdSBUrtlaxA1vbICfhDVaYYXFSC/Di9LKgItXZSZ7UhdilNja484sPaSEf88lXrQT66F9MtHzZ6SvZhR3TXUFuJ/rnubNcmPDsIyJXY7t6IcqjzlVQOk4UyGVQfzs1jqJrdcRHMEka8E3DKU+n/XsyIjND23jw70kIswrMsiSKLRXidtjAXCvSDxuu4oyJPHdvcw7wRvsKdFNuFj7E5JyjEtzL6OHYal4jsfglosVR6A9Vst/ZRPRPk4cNLVQUqiJO54l9iJkZI6b62jwdm9BUskxPa7TBvpC6mJw6QH43UcI7y39OmK3ZmB5P6tcXdGs55bZ+o0eHhTVUvhRFAotZb4AEMZRKOteuXWhmOwfJGi6wf1FKYW6+hozE03a+9IHbq8UJEPc9e5pl96z2AOaUfoqDXEl5Dl2IGv2NNPhZFiUjmT6o2COWJQxml1dQbNS5My2Gq6vFMyZX1RqEd9Cq6UimNsQP6vdZi417w3yThLhDhAOc3tVR5EsuTkmGzzpCZOV3tez/FkGqvLIMnOfP/MZkp8EbIKvWxeCkBKCFdXFkLJaLN29ItRFZXP6MT7fPBni/go5zZ+/t1A2j96nP6cSm7XeoieiIMqRUYyRyURnTj3TwIoC0HUNOs3jyuFsx3QFT+qZkJOqhVFq95s4vuheio/XiUgSr1jOt7FE5cebzRZ44Q8lVONju2L1oP4HnLxxyt0NC3lN57wLm92mnWBU/44EgCCBJTmfu+j7LS/biahKyuIaztxLeaOxWTQAD9oJpPev5kp2VmzGCWh+smcK8VWwSLH88vda4rVEAVgdegAPHqkBKkzShC5dCwb7z4DllX1UlkBpAOo6JJu20WMjps14PFnCi461/aY1zYixWiJVeJQ39YFeOUFzwW9qOrEyf7Q7mhVKGXc=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB30503D6232C3FCAA94C9327089AC9HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 474229db-51b8-4e35-9a25-08db1982ed86
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2023 11:57:12.3896 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: J10SoKytkF1T1xdn2lSloi+9UkHTNVa8HJu9uKqgucdLZzSB/ruEKIAZnAOKzFW97ch2BeVHuHMZc9qFGx/yhuKVVFimCElZDGxX2Iyt64U=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR07MB7350
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/iJz6XpJXAFydfjiPd3kfFqPOtLc>
Subject: Re: [Lake] [core] đź”” Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Feb 2023 11:57:21 -0000
One more comment:
* 'cred-t', specifying a type of authentication credential supported
by the server. This parameter MUST specify a single value, and
possible values are: "x509", for X.509 certificate [RFC5280];
"c509", for C509 certificate [I-D.ietf-cose-cbor-encoded-cert];
"cwt" for CWT [RFC8392]; "ccs" for CWT Claims Set (CCS) [RFC8392].
This parameter MAY occur multiple times, with each occurrence
specifying a different authentication credential type.
I think this should be made into an IANA registry under "Ephemeral Diffie-Hellman Over COSE (EDHOC)". The registry could be created by the EDHOC document or draft-ietf-core-oscore-edhoc.
Cheers,
John
From: Lake <lake-bounces@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Date: Saturday, 25 February 2023 at 18:22
To: Carsten Bormann <cabo@tzi.org>, Christian AmsĂĽss <christian@amsuess.com>
Cc: core@ietf.org <core@ietf.org>, lake@ietf.org <lake@ietf.org>
Subject: Re: [Lake] [core] đź”” Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06
Hi,
I have reviewed draft-ietf-core-oscore-edhoc-06. I think it is ready with issues.
- "Profiling EDHOC for CoAP and OSCORE"
Not sure this is a suitable name. It does not really profile EDHOC.
- OLD "first subsequent OSCORE transaction" (several occurences)
- NEW "first OSCORE transaction"
it is not subsequent anymore
- "CoAP [RFC7252], CBOR [RFC8949], CBOR sequences [RFC8742], OSCORE
[RFC8613] and EDHOC [I-D.ietf-lake-edhoc]."
IETF uses the Oxford comma. (Probably several occurences).
- "may be set to application/cid-edhoc+cbor-seq." (several occurences)
Any reason this is not a normative MAY, also what is the reason for not have SHOULD or SHALL? I don’t have a strong opinion.
- OLD "not transported precisely in the request payload."
- NEW "not transported in the request payload."
But probably better to just say "as specified in Section 3.2, C_R is transported in the OSCORE Option."
- "using the new OSCORE Security Context established after receiving EDHOC message_2."
I think this should be "after creating EDHOC message_3" The context depends on message_3.
- "Check that the EDHOC + OSCORE request includes the OSCORE option
and that the request payload is a CBOR sequence composed of two
CBOR byte strings."
Should check for the EDHOC option as well
- The document is not clear on if you can send back an EDHOC error over OSCORE or not. It should be.
- As discussed in LAKE you can get 128-bit authenticatation security by combinging two 64 bit tags. Has this been discussed in CORE? If the mechanism gives this property for either peer is should be mentioned.
- Is is clear what happens if the EDHOC + OSCORE Request is retransmitted?
- "where the ID Context has zero-length."
This seems wrong. There is nothing special with the zero-length ID Context.
This should be "where the ID Context is not present"
- 'ead1', 'ead2', 'ead3' and 'ead4'
This makes no sense to me. Either you support EAD or not. Also knowing that the other party support EAD is useless. You need to know what kind of EAD. I stongly think this should use values from the EDHOC External Authorization Data Registry.
Cheers,
John
From: core <core-bounces@ietf.org> on behalf of Carsten Bormann <cabo@tzi.org>
Date: Wednesday, 15 February 2023 at 23:39
To: Christian AmsĂĽss <christian@amsuess.com>
Cc: core@ietf.org <core@ietf.org>, lake@ietf.org <lake@ietf.org>
Subject: Re: [core] [Lake] đź”” Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06
On 15. Feb 2023, at 23:25, Christian AmsĂĽss <christian@amsuess.com> wrote:
>
> * 3.2 step 3: "The first CBOR byte string is the EDHOC message_3
Ah.
We are using the term “byte string” to describe the generic data model data item with that name (using major type 2 and enclosing a sequence of bytes into a single data item).
We are using the term “encoded CBOR data item” to describe the sequence of bytes that results from encoding a CBOR data item (any CBOR data item of course, not just a byte string).
So where the byte string is h’010203’, the encoded CBOR data item encoding that data item is 43010203 hex.
The latter, of course, can be carried in another byte string h’43010203’, which would then be encoded as 4443010203 hex.
So it is really important not to confuse “CBOR byte string” with “encoded CBOR data item”.
(Of course, this distinction applies to any representation format that can carry its own encodings, as in the JSON text
“{\”a\”: 1, \”b\”: 2}”
which is obviously not the same as the JSON text
{“a”: 1, “b”: 2}
In JSON this kind of embedding is rather expensive and thus done less often, while in CBOR embedding encoded data items in byte strings is a rather natural way to carry certain kinds of information.)
GrĂĽĂźe, Carsten
_______________________________________________
core mailing list
core@ietf.org
https://www.ietf.org/mailman/listinfo/core
- [Lake] 🔔 Working Group Last Call (WGLC) of draft-… Carsten Bormann
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Christian Amsüss
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Carsten Bormann
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… John Mattsson
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Christian Amsüss
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… John Mattsson
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… John Mattsson
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Christian Amsüss
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… John Mattsson
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Christian Amsüss
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Marco Tiloca
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Marco Tiloca
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Marco Tiloca
- Re: [Lake] [core] 🔔 Working Group Last Call (WGLC… Christian Amsüss