Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22
Benjamin Kaduk <kaduk@mit.edu> Mon, 29 June 2020 03:43 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7253C3A07E6 for <lake@ietfa.amsl.com>; Sun, 28 Jun 2020 20:43:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CayPwaY9Ukz2 for <lake@ietfa.amsl.com>; Sun, 28 Jun 2020 20:43:41 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E5923A07F0 for <lake@ietf.org>; Sun, 28 Jun 2020 20:43:41 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 05T3haWF021002 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 28 Jun 2020 23:43:39 -0400
Date: Sun, 28 Jun 2020 20:43:36 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Martin Thomson <mt@lowentropy.net>
Cc: lake@ietf.org
Message-ID: <20200629034336.GR58278@kduck.mit.edu>
References: <89EA6A63-AB99-4649-9F08-D6FBDE1DEF2F@inria.fr> <9a78436c-feb7-45a8-a9a5-31c169c649d5@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <9a78436c-feb7-45a8-a9a5-31c169c649d5@www.fastmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/nPm1Pul8cTr49MkMSnY2OvL26rg>
Subject: Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2020 03:43:53 -0000
Hi Martin, Thanks for chasing this line of inquiry. It does leave me with some more questions, though... On Tue, Jun 23, 2020 at 02:00:16PM +1000, Martin Thomson wrote: > On Mon, Jun 8, 2020, at 23:54, Mališa Vučinić wrote: > > we are now launching a call for adoption for > > https://tools.ietf.org/html/draft-selander-lake-edhoc-01. > > I was reluctant to respond to this thread, because it generally isn't worth stopping other people from doing something they want to do. And I'm aware that the contract implied by the formation of this working group - at least in the minds of many - was the development of a new AKE. (Sure, though for me I was more interested in the "find out if we need to develop a new AKE" question, first.) > The time that others spend isn't the only factor we should use to decide. As others have noted, adoption of an entirely new AKE means more than just the time that those other people spend. I have no skin in the maintenance of IoT products, but the concerns raised about fracturing and maintenance overheads there are serious. My concern is for the split this creates between endpoints that choose option A and endpoints that choose option B. > > When CoAP was proposed, I didn't have the same presence of mind as others [1] to recognize the harm inherent in defining something like HTTP that wasn't HTTP. It's easy to point to adoption of CoAP and use that to claim success, but that misses the true costs. The true failure is the creation of a set of endpoints that don't talk to other endpoints. The IETF made the choice to actively help create a division in the market. Maybe these endpoints might never have been able to communicate (MQTT is, after all, largely outside our control), but the choice by the IETF to XKCD 927 didn't really help. The main thread I'd like to tug on here is what exactly could be interoperable, and how that might be affected by our decisions here in LAKE. In particular, it seems like we need to take the existence of CoAP and OSCORE as a given, and cannot indulge in counterfactuals. So, given that there are devices using CoAP, and OSCORE is 8613, we can expect people to be making devices that use OSCORE for their secure communications, and need an AKE to key OSCORE for most/many use cases. This already assumes an "island" separate from HTTP, and an island separate from TLS for data protection. Is using cTLS as an AKE for OSCORE going to somehow (help) join up an island of cTLS+OSCORE with the existing CoAP+DTLS island? If we want a cTLS stack to talk to a non-'c' TLS stack, even just for the AKE, where is the translation logic going to be (if it's even possible)? My own first cut at an analysis is only finding that we'd "just" avoid having separate EDHOC+OSCORE and cTLS+OSCORE islands, but that a cTLS+OSCORE island would still be an island, isolated from the broader TLS ecosystem. Am I missing a way to join things together? > For us, this failure manifests in a great deal of expenditure on parallel infrastructure and standards development. For the market, who we leave to choose, the cost is in the creation of non-interoperable islands. The market also pays through the dilution of resources that we dedicate to the improvement of the commons, of which protocols are some of the most valuable assets. That is true, though it is unclear to me that there is any effort ("market" or otherwise) currently going into a cTLS+OSCORE combination. I'd love to be illuminated if I've just been missing it! Thanks, Ben > [1] https://tools.ietf.org/html/draft-montenegro-httpbis-h2ot-00
- [Lake] Call for adoption for draft-selander-lake-… Mališa Vučinić
- Re: [Lake] Call for adoption for draft-selander-l… Michael Richardson
- Re: [Lake] Call for adoption for draft-selander-l… Christian Amsüss
- Re: [Lake] Call for adoption for draft-selander-l… Dan Garcia
- Re: [Lake] Call for adoption for draft-selander-l… Eduardo Ingles (UM)
- Re: [Lake] Call for adoption for draft-selander-l… Martin Disch
- Re: [Lake] Call for adoption for draft-selander-l… Laurent Toutain
- Re: [Lake] Call for adoption for draft-selander-l… Timothy Claeys
- Re: [Lake] Call for adoption for draft-selander-l… Karl Norrman
- Re: [Lake] Call for adoption for draft-selander-l… Rikard Höglund
- Re: [Lake] Call for adoption for draft-selander-l… Marco Tiloca
- Re: [Lake] Call for adoption for draft-selander-l… sandoche Balakrichenan
- Re: [Lake] Call for adoption for draft-selander-l… Blomqvist, Peter
- Re: [Lake] Call for adoption for draft-selander-l… Jesus Sanchez-Gomez
- Re: [Lake] Call for adoption for draft-selander-l… Christopher Wood
- Re: [Lake] Call for adoption for draft-selander-l… Stephen Farrell
- Re: [Lake] Call for adoption for draft-selander-l… Eric Rescorla
- Re: [Lake] Call for adoption for draft-selander-l… Christopher Wood
- Re: [Lake] Call for adoption for draft-selander-l… Stephen Farrell
- Re: [Lake] Call for adoption for draft-selander-l… Christopher Wood
- Re: [Lake] Call for adoption for draft-selander-l… Melinda Shore
- Re: [Lake] Call for adoption for draft-selander-l… Hannes Tschofenig
- Re: [Lake] Call for adoption for draft-selander-l… Carsten Bormann
- Re: [Lake] Call for adoption for draft-selander-l… Brendan Moran
- Re: [Lake] Call for adoption for draft-selander-l… Robert Cragie
- Re: [Lake] Call for adoption for draft-selander-l… Shahid Raza
- Re: [Lake] Call for adoption for draft-selander-l… Richard Barnes
- Re: [Lake] Call for adoption for draft-selander-l… Stephen Farrell
- Re: [Lake] Call for adoption for draft-selander-l… Sean Turner
- Re: [Lake] Call for adoption for draft-selander-l… Martin Thomson
- Re: [Lake] Call for adoption for draft-selander-l… Göran Selander
- Re: [Lake] Call for adoption for draft-selander-l… Robert Cragie
- Re: [Lake] Call for adoption for draft-selander-l… Karthik Bhargavan
- Re: [Lake] Call for adoption for draft-selander-l… Rene Struik
- Re: [Lake] Call for adoption for draft-selander-l… Karthik Bhargavan
- Re: [Lake] Call for adoption for draft-selander-l… Stephen Farrell
- Re: [Lake] Call for adoption for draft-selander-l… Hannes Tschofenig
- Re: [Lake] Call for adoption for draft-selander-l… Benjamin Kaduk
- Re: [Lake] Call for adoption for draft-selander-l… Benjamin Kaduk
- Re: [Lake] Call for adoption for draft-selander-l… Stephen Farrell
- Re: [Lake] Call for adoption for draft-selander-l… Blomqvist, Peter
- Re: [Lake] Call for adoption for draft-selander-l… Hannes Tschofenig
- Re: [Lake] Call for adoption for draft-selander-l… Blomqvist, Peter
- Re: [Lake] Call for adoption for draft-selander-l… Hannes Tschofenig
- Re: [Lake] Call for adoption for draft-selander-l… Blomqvist, Peter
- Re: [Lake] Call for adoption for draft-selander-l… Blomqvist, Peter
- Re: [Lake] Call for adoption for draft-selander-l… Hannes Tschofenig
- Re: [Lake] Call for adoption for draft-selander-l… Robert Cragie
- Re: [Lake] Call for adoption for draft-selander-l… Blomqvist, Peter
- Re: [Lake] Call for adoption for draft-selander-l… Benjamin Kaduk
- Re: [Lake] Call for adoption for draft-selander-l… Hannes Tschofenig
- Re: [Lake] Call for adoption for draft-selander-l… Göran Selander
- Re: [Lake] Call for adoption for draft-selander-l… Carsten Bormann
- Re: [Lake] Call for adoption for draft-selander-l… Martin Disch