Re: [Lake] proposed scoping text

Göran Selander <goran.selander@ericsson.com> Mon, 27 April 2020 15:18 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05EAC3A0CBD for <lake@ietfa.amsl.com>; Mon, 27 Apr 2020 08:18:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.921
X-Spam-Level:
X-Spam-Status: No, score=-2.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 043Qcf1cVMZu for <lake@ietfa.amsl.com>; Mon, 27 Apr 2020 08:18:40 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60046.outbound.protection.outlook.com [40.107.6.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 229A33A0DF1 for <lake@ietf.org>; Mon, 27 Apr 2020 08:18:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l3TesHr5zbLBYVukurlJYuMqrfvJFif2qC0mpMPBSHU1sj+Y+PSk6PgSgg+kJL11D4s7P2eNz+x9/AOUkCEuVn0MjBD90dyrZoXTYnLXQ100IylHNp8sNowVyFUHyZDryyl+ViN6SXhIfE3uSfJB7hsWjQNHlp8Pp9U7J6KldDkGdPTDvHCGFxrB6sTYo2Jm749UA0aCu+lCwzYfWwshk1+hgTo3BDOjfe4u6qaIZUIQCv9oh+ly32hsmYheHyjDAST3rLdtlnENEeV4paJjQCmaDtud5VVOZHPeVGWv/Dzbb+SIFr2u3Y9N8Q2IYY/Ij3fZGqf3Xw1B9nIxcvCFcA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1Q3DbRSJvxKgUPmPlQOobIOZhbFV0LqUGw34p01Jm7o=; b=jMe4SYRQrWb+L4qbzvCOYgDB0udBOxUz2PYQwfz6p+37DbS65xOdeK9zjgobdU8hcsmAwooKYVQnJ+89aT8vtmUByfPSrTLo6P3RKZwvWlI3DAYtep2TiNQwhrMdjTp/wEqC+f3e7YZY3BL6D2LPghKzFpSa3j9yrqtryye2w5aqeZZiDJZvfG1CTsUQTQLCrHApNNWCT3eTqpUg8teP90nDzDHTNzkxkvSlRyT1XOI8gnwt/NO9bQ4FjFDX5IeLL6RNKYGVmvzXEPLQcQWzFF0WQVSdyYR8zMQauikQHWtpIZLizdlQRRrdj+gC2vJ2ZqDUMFGDJoPO74BuEvAFMQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1Q3DbRSJvxKgUPmPlQOobIOZhbFV0LqUGw34p01Jm7o=; b=jfdu44tZag+el6C3UrigAew/k7IHkaZ6ELpqHWRcglJ3PEfZUmAFnlTly89Ocp7MSFFwsw9GUQhIApmG7tRy0Hio8MerklJ5nHplU2t7o+waPKkJkWBT5p+E7G7Ta8SRpQgmepT2v2xeqYqK8/qj64+rRsEvrg3zB23hsi4y6II=
Received: from VI1PR07MB5023.eurprd07.prod.outlook.com (2603:10a6:803:9e::13) by VI1PR07MB3965.eurprd07.prod.outlook.com (2603:10a6:803:38::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.14; Mon, 27 Apr 2020 15:18:09 +0000
Received: from VI1PR07MB5023.eurprd07.prod.outlook.com ([fe80::7c90:eb1a:e7da:2321]) by VI1PR07MB5023.eurprd07.prod.outlook.com ([fe80::7c90:eb1a:e7da:2321%7]) with mapi id 15.20.2958.014; Mon, 27 Apr 2020 15:18:09 +0000
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: Christopher Wood <caw@heapingbits.net>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] proposed scoping text
Thread-Index: AQHWDbwwxw6VdyVM3EK090880yrRXKhws8wAgAmSdICAB7vjgIAHECQAgAPetoCAAB23gIAARXiA
Date: Mon, 27 Apr 2020 15:18:09 +0000
Message-ID: <89186C99-B479-4FFF-8C28-987EB00F8CC4@ericsson.com>
References: <3780afd5-7012-d808-9584-07e04913cd19@cs.tcd.ie> <239BEC0D-240F-4830-A7A4-0172B62BD6AC@ericsson.com> <B620C5B0-8DE0-489F-B0B0-2548F3C83B49@ericsson.com> <F3B1DD90-2ACB-41FA-9A41-4ADE2D929A7A@inria.fr> <c1037af3-c48f-40fd-8fb3-5c7d4f549798@www.fastmail.com> <B0DD7218-A4C2-460A-9060-59EFEA1113F7@ericsson.com> <19199e5b-5372-4651-b90b-8a688fba9b19@www.fastmail.com>
In-Reply-To: <19199e5b-5372-4651-b90b-8a688fba9b19@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.36.20041300
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [213.89.246.8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 207f4575-8f7b-4148-f9df-08d7eabe31d6
x-ms-traffictypediagnostic: VI1PR07MB3965:
x-microsoft-antispam-prvs: <VI1PR07MB3965E334969B3B707100D837F4AF0@VI1PR07MB3965.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 0386B406AA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB5023.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(136003)(39860400002)(396003)(366004)(66476007)(66556008)(33656002)(91956017)(86362001)(66446008)(81156014)(8676002)(316002)(8936002)(36756003)(66946007)(186003)(64756008)(76116006)(6486002)(6506007)(26005)(6512007)(85182001)(71200400001)(2616005)(66574012)(2906002)(110136005)(85202003)(478600001)(5660300002); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: pk1CdhwiLmLZrBjsLsW4Xz5em8cGq66Q1DzAnxhe2nqI4foaumzQ4Rdc7rVPRDUEPwj+9S3T+jGT9AaLDBL4SEH4dAGA6P2P5Bi6jK27xxsJw+7QfeknmtNOv9sQPytkFdEzb8QX4eYRbvyCqTKogYpHVDjMuanWMnZTFjejcQVmMbts/xSpdgu13+hN4llj6yJ47l7nzESQjWKkQlGEHlFycObNgZCH3gW9UE9Qz5AaNPAfIOpYU8r7kHIsX0VZT7kKcQd+ln8FIEKuzGjKBM9OjpTpeFOD6zwtpYZ2imvbHNSfnsE78nFSr1GZvP/GEku2x9O6gC8auYmFwcx8jqiztOlR1Ajv0YNkciwRWp8RfsznohaMcXK0A4YF71XvIMLiVS/FilYWGvR6nwzg5+ZWPp6cHwRn93OOkualpxSrRkEKuJLugCCrixsaWQUOtHVZ0xQx132sA1DDxCYS72dBlj6Q4JbOPyJCA95kPebT/gSfw0ZUwq0Zo/tP3K3hOqW5T3in/lzk+wQqmq98qw==
x-ms-exchange-antispam-messagedata: RnChFbq9ITXg/C2bsiheMKckQ6iI6/ck5cGRrE/j4/YugSMwPtqLYO0w/6BYH1pHdQD2lGstZB2pNnrcSHn403itBOnj7ApWZ75GLnOqm8pmVlRewjS0dn0FJRWy/1Zo243M0J6AOZo380epzY78BYHjKriZZ7xpBcWfDj4WrPqM/A2nwepDyywNXi3QYb0OEy6sVYktBpNl714+aAHjX5X4LDfxE2v0RyRB0QuQBdNKqyinz244IoVfGj/cdrKtdtLBMjRjF37H6h6aFkVuQNmhAkCUlj/EgSaWEi9ABupHxVk3yTLiHA7/OlONEbzXKd1+3tLr78FftnInd09mjdKYZIh0V3nx66WxqMlCsrIz/s3FVVGLTektpR24JXhc30KJp1TK8voTzIkKs9YsCmDU2DbBonXC6EF3x5d6PWLIs+vP2ueR/qEaxRWdIxDEdUjtQ7vjC6f4cbCPn+jes4xA14MzV3Y45FPSGUepKx0B0kH62xjpFkQvmrmo6Gauxx/mGzyO+FGHWXglFqQGxdzdojO8TJhoSF4o8+3KxBCR+t4ichxp5+RxxE83avzllt2IubM+tJuVURETT9yAstb/LN2VlYoDzpq2g8BXpSlwd+/mqvX3qOMZNDWc8w5JEyaYvoJkcxbmriqRxvKGxUJL5GXwplKEOEgxGj6+3REpMVO84mz1pHdBqJWV46nxejz0sK1txGBpSz84vtHmNCGXyfuPu1ZTO8HmN33578I5BNR57yhBfLtvIJqt7ngzkJ5jmv7Fmnw15nYGbkxvXPs8i2K9lQq9BLOXyGpVLww=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <DC9991CDD7E64646934455C022011DA1@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 207f4575-8f7b-4148-f9df-08d7eabe31d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2020 15:18:09.5003 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eO/Pa62yJc8anjpHsThGsxFkwLl6gD4PKHmQTWW4N0Ss9fs06r4JVozx5mL1C1MnWKh4qsRtCRE2q/daEX4pTeV6vbXykjDGC6oXniUzhKE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3965
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/kDdZCQK9u1sCEymY8s1pRox1Tek>
Subject: Re: [Lake] proposed scoping text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 15:18:42 -0000

Hi Chris,

Thanks for quick response, comments inline.

On 2020-04-27, 15:10, "Christopher Wood" <caw@heapingbits.net> wrote:

    On Mon, Apr 27, 2020, at 2:23 AM, Göran Selander wrote:
    > Hi Christopher,
    > 
    > As you remember, the scope of this work have been discussed (outside 
    > ACE) since Jan 2019. Support for PKI and certificates has been included 
    > throughout the different steps, the virtual Secdispatch interim March 
    > 2019, the LAKE BoF July 2019, etc., each occasion followed by a 
    > consensus call with large support. Removing all kind of PKI support 
    > from the scope would be a drastic last minute change.

    I'm aware, but I think it's the right thing to do in the near term. 

    > The use of certificates is important for efficient trust management in 
    > deployments with large numbers devices, and is one of the driving 
    > forces for moving away from PSK-based IoT deployments. The number of 
    > IoT devices is projected to surpass the number of web servers world 
    > wide by orders of magnitude. A common building automation deployment 
    > can have thousands of devices from several manufactures. If this is not 
    > the setting where we want to use a PKI, then what is? 

    I can't comment on whether or not this makes sense. I don't work in the space. All I'm suggesting is to focus on small cases first. 

    I'll note also that it's *possible* to have your cake and eat it too, as demonstrated by Tailscale [https://protect2.fireeye.com/v1/url?k=0bc73d2d-574ee76a-0bc77db6-0cc47ad93c18-4e312ba1cd3cf468&q=1&e=20eb74ed-8a0d-4c42-a29c-06c545b31b25&u=https%3A%2F%2Ftailscale.com%2Fblog%2Fhow-tailscale-works%2F]le-works%2F]. We could design an AKE that works with only public keys, or even PSKs for that matter, and move everything else to the application layer. To me, this demonstrates the certificates need not be baked into the protocol to solve the use case you (may?) have in mind.

[GS] I glanced at the reference and it looks interesting but I'm not sure how it fits with the IoT device deployment setup. Could you please elaborate?

    > If we want the IETF to provide a relevant contribution to securing 
    > constrained IoT we cannot exclude device certificates. Instead we 
    > should design the AKE so that these deployments can use certificates in 
    > a simple and efficient way. Referencing certificates instead of 
    > transporting them over constrained links is a key component here.
    > > I think including certificates complicates the story and will make 
    > > progress on an efficient AKE
    > 
    > I am not convinced by the "complication" argument because it is hard to 
    > measure at this stage. I think the scope should to be defined by what 
    > we need to solve and what we believe we can solve efficiently, as was 
    > motivated in the proposal.
    > 
    > > I thought Ben's suggestion to focus only on PSK and RPK modes to start 
    > > was fine, though this recent proposal seems to also support certificates, '
    > > albeit only by "reference." 
    > 
    > Please read the first line in the proposal again. The proposed scope is 
    > RPK + certificate by reference, not PSK + RPK + certificate by 
    > reference. 

    This is *your* proposal, not Ben's. I'm referring to (and prefer) Ben's suggestion, for the reasons stated in my email. 

[GS] I probably should not continue this argument, but just to clarify: I'm talking about the "also" in your text above. And about the "e.g." in Ben's proposal, see also the "Furthermore  ... " in my previous response, below.

    > So, this is in fact good news for those who are concerned 
    > about complications, since removing the PSK based authentication 
    > protocol is a significant simplification of design, specification, 
    > analysis, implementation and testing. 

    Are you suggesting that the holistic design and implementation of an AKE that uses certificates is less complicated than use of PSKs?

[GS] I was thinking about the part which we need to specify in LAKE, not the use of existing protocols for outside the AKE. We could compare the case of passing a reference to a device certificate to that of passing a reference to a device public key. What does the receiver have to do in the different cases? Both certificate and public key needs to be "validated" by the receiver. If the public key is pre-provisioned and never revoked that is of course a simpler case, but also has management and security implications. For the certificate reference it could be a simple validation request similar to or simultaneously with the certificate retrieval. Although the security considerations of the AKE need to prescribe validation, the validation step can be outside the AKE (assuming case 1 in my previous email). I don't know how to measure the difference but I was thinking that part to be not so complicated in comparison to a separate PSK based protocol. For the case of passing revocation information in the AKE (case 2 in my previous email) that is of course an additional effort, but there may be some low hanging fruit in that context.

    > But, again, I think we should 
    > refrain from the "complication" argument and instead focus on what we 
    > need to solve (and to get started!). 
    > 
    > In contrast to removing certificates from the AKE, removing PSK seems 
    > not to notably impact the desirable scenarios where this can be 
    > applied, since RPK by reference can perform as good as PSK. 
    > Furthermore, I interpreted Ben's mentioning of PSK and RPK as just an 
    > example, based on the discussion we had at the latest LAKE virtual 
    > interim about the cases where a candidate protocol can perform 
    > optimally. Not that this subset necessarily was the subset we should 
    > restrict to. 
    > 
    > > it assumes some type of PKI in which these certificates exist and through 
    > > which endpoints handle tasks such as revocation and transparency. 
    > > That may impose requirements on the AKE. TLS had to carve out 
    > > extension support for CT and OCSP. Is that something we want to take 
    > > on when starting down the path towards an efficient AKE?
    > 
    > The efficiency of the AKE need not be restricted by allowing validation 
    > of certificates. This discussion really belongs to the design phase but 
    > starting it anyway, there are two cases:

    I think the important bit here is that the AKE (TLS) had to be extended to support these emerging technologies after-the-fact. This suggests the AKE should minimally be extensible if things such as revocation are not in scope for an initial certificate-focused design.

[GS] Good suggestion. I think allowing some simple mechanism for verifying validity should be in the initial scope, but having it as an extension would be the backup plan.

Thanks
Göran