Re: [Lake] Ways forward on MTI cipher suite text

Göran Selander <goran.selander@ericsson.com> Mon, 24 January 2022 18:48 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FBDD3A0CCC for <lake@ietfa.amsl.com>; Mon, 24 Jan 2022 10:48:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.676
X-Spam-Level:
X-Spam-Status: No, score=-2.676 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2eV7EpnnIlxO for <lake@ietfa.amsl.com>; Mon, 24 Jan 2022 10:47:57 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60061.outbound.protection.outlook.com [40.107.6.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE45B3A0C7A for <lake@ietf.org>; Mon, 24 Jan 2022 10:47:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BgMF67TboWUwWt/OQAfh3Gbc0vhhHV6fwibu/8E9X0rmUDGsAVPS+0GBFvRut8jMAa0PkHhgzq8qfTqBilEnTDsZjMSTrBMmzaFCl1gzqKMBCJQo99Oizp8MDdcSeUhK5DbI1U5eFTTwNv8ne5ipOK6wRU/PGlXtP6qLcQnScfMRAi0Rd2nEIfHDf1rfNFaY5ytwwT/urpAClR1tzjvB0O8OMuxm+j6d0NrmuS1gS6G3iitEdZmNY8Vxl9FclTRkfRyoFdTyam1vx8kRT3oR/yujZ68NcUFqtpldG+Mm/l83apmSP5nS+34uRmATTwPMegXLa+GsE3MWun2/33wUrg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9eXr/UF1JwEXr8p9c7OPyE7j2W+65qp6SIEPgt2siso=; b=bDgkCS9ZC2A+Qr2GkhzdPwnITd7XnmPNxIp9CoCP00Lef7cK6uzfqMwKlt73Jhm9tWQoLHmNFG+8d3hwU7NMvalemvvdyJVKnVQuSKDFiyTXgxDE7ETUN1H00BBT6k8vl7QomGVjl0l/MFqisUrhIXjRloubJYKvoLkwEDsc12kY75L8OCkaO0IwmZgMt817vSyM8NgKzOaGPB0bLHeItTbt4whfbdc7FxrLfvSuPe0v7yPalupUIcmE1K/KxbSX5DmzhyERbA5p0S0DFBk72CrpdUFlf/u+KiBC0DFvIIkOFVtwEx92pwTSgv8t4nAQe5xcqfG4QK1aETVunVxT2w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9eXr/UF1JwEXr8p9c7OPyE7j2W+65qp6SIEPgt2siso=; b=aHN0lkQUu5HS1kh4CBY94ctljG1WMr5J2n70LO7uu+oSSzbd0jZbr6Z3A5akfk85qfxpKHyxosATFi9ICA1toAXQvpSaKcy+jnodrj3P/roc6LZrJGfEbt3FBHW7zqqrlau6M0V/7lNxXSDdybODh5XBI+W5HRWlGY5y4WQBEuU=
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com (2603:10a6:200:45::6) by VI1PR07MB4270.eurprd07.prod.outlook.com (2603:10a6:802:62::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.4; Mon, 24 Jan 2022 18:47:53 +0000
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7c02:9e9:ecd3:ed36]) by AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7c02:9e9:ecd3:ed36%7]) with mapi id 15.20.4930.015; Mon, 24 Jan 2022 18:47:53 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh/KgYuIcFc38kyxyL1WH2d6e6xyS9oAgAA1UHA=
Date: Mon, 24 Jan 2022 18:47:53 +0000
Message-ID: <AM4PR0701MB2195208CA41C14108E5CD85AF45E9@AM4PR0701MB2195.eurprd07.prod.outlook.com>
References: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr> <24192.1643036826@localhost>
In-Reply-To: <24192.1643036826@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ec577e0c-1a34-4ebc-64df-08d9df6a078e
x-ms-traffictypediagnostic: VI1PR07MB4270:EE_
x-microsoft-antispam-prvs: <VI1PR07MB4270C265C7E73D4B8C7D8907F45E9@VI1PR07MB4270.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: WFJJx8oMNB6cj4lYPlEaU/LTmVOrYrWV4MhAmKHzLyv5jLkdeAxaZja8Qa1V6fKVdWm+x46RMjch1VeOzXoM1en2/kLu5k4r8atN/ZoS9hCFZxKm3YTcqoejinz2gPq6PWeBaNNz0ihiSL2ybD/3ojLXlEKQj7jQ9GIaU0ruU6w/8W1M3omyyM2oRYM29W+tV6x8Ew5MI58baegdUhBpAxueSl6v4Tk6c031YghOpPub9RCv9xSoKYDXCOeeT0OsxhIFVqvxXPkV6wHM2jjmMNZzcqPJZ94dDolOluMdoqHdeh/qG6OFWLXRucU0MG8ecR3ePSNz6BvxdIHYbTyO3jzD2pwWaijI4/qHObo0ixslYKCszTXJ0RpSVDqDugNpWBc7fJRWQfxTj374hOnWi2wfYe+7emYNGqntwK6q7/49+v5wVIXczIUYO/MAJi48HflRv7qeyWaxBDa3S6izqo1IJrcULiMNQfkHHEyH8cDN213+ivVRNXxKn9sBrdSX9yyM7WLA9vOdVKx/63QVXcG3iks4kU+CiKCwb35ZWF9FHZVtm2GKZZhKCUypGhmyH5RnWG5JDSC+/MLmyajWr+d+cXZHnfKsyL08AgiyWqZChizPgtWxB0zErtO9CJiBpxdpHSYweL5BdDtmWu6sPC09gu07ts8d5ZxuwzAFxb8J8jWFow4bwzEI0ZPf3/x0/ny9YTXdiviSwba+uTZH81VV1rna0XDWVt3g+6qWnihn6QhEJ4obMl/Bg8eiSKpA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM4PR0701MB2195.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(508600001)(26005)(186003)(2906002)(8676002)(38070700005)(4326008)(38100700002)(9686003)(122000001)(52536014)(8936002)(33656002)(82960400001)(66574015)(66446008)(64756008)(86362001)(53546011)(71200400001)(66556008)(66476007)(55016003)(316002)(91956017)(5660300002)(76116006)(6506007)(7696005)(66946007)(83380400001)(20210929001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 1kiyt386n6t5D56zaYyZW1VJ4ulS+1CYQvDH1cDQi7hCs/L+dMSHe9fgVVqiFqpFsAOKBxDrr1VHGL+1GI1cn+lIsEWaVdAqP8Djar685PLFEt9BOTYXXiFQW3GOuwAADzwq4K/luFwfeFRhvDpz4hR+fog/k5VGpwBVbEDLjDf5q3mXr7WPv4+grOEyMZQKmEgG33Q1Jdg2XVYSifG2mJ64WuiIKxmBgRdHJWpKxb2cfzfXjNORC4DqXg7o4qXcmZAbqhrgbuGX9kwrIZDFFBUz6o+ZaZQpTEBNhiwZFr4L8+797eqfD7/oM2W7egWh1I6CG6LX15JjRZGC8aJSkkowdSo3GFj/+w+6dFMHvQY9JMndSbXOuo7VIhwS/KOrP59KF4836w0KieFWstamJHsJ4D3BkvLH9MpK+Y9LDXiiLLwbv1NarxCDoNKZ0BOurdJ66eX4e3o9l3m42YeVeTnTjUs1NNMfCBci2crNAcSjXcsG5sZy1GpyShcCOP1/DHhUNUwyKUiNNcMMbXcm0x9OmVhOIKutzTM+YjDw7dBlmu6h9L7Xp0YZybau8Mdc/7CbwCLNEPimb6UwNFx2imy2SDPq+E/TsWvRshq5U+/kqjEMYKaRqKmRRGfOvd/gdgxjET6rlV7IoxQO9FmF3wPqMaMXsD4S8HWdQpQvTU0d53F84IEIuNDB/lJBKaimKj2CBXliwDF6Fj6PkXL40l2VYSkyeA3rZ4NvM9FziUD2D+FmlbWH9MnaScNNreXZwiA1kxhSRPNHHRo3G7BDj4Zn7FM4y12zpdBbGL5ML1/iuZF5wrLVBS4lpd5Q9cRegwq/9CWkzVVOwMPcl7UHczZ2k7WV9nDsqKdkRXct8qX55uSGqiji1m4caIW1xyMw17ftmslkfV0tdIZAVuPONJHyeRZ/+8lOMQFW8vTORMwyyJjHgQxSR2nazqXxypAkSrYLr8NCrFlgVhXuJRBiUk7k9BAsq7LT8Pi88vcFVPRhAuWWXmNlNOi31Vu0CpC1038EleAvv+A0wqMxEMuZbiholxbqDNhBPpBJJrURWPwBHj7cC+qTaYcdGbJI5t9aVQjJaDTon20NN5iPPrNPU1nFYB5f8f5sO6vII0n9G9Dcm7qZLSbxRBiCdm/GOQRvwQd9V42faPe9jgK9wEhtmwrI3PuAbR5cxNmfkVnLTjEBPOaUfdOpZRkwmHBKx5zJyGJyDD7RMnLz9uBwYv3dfJykbBYsmsqw39COY44Y7loeOdMNLlOGCLVnAMuJbWiSJyllumPgvpC9LCo6W6Doh4bgnPo0WMimQL/od9EW9oVhC2hf4adzUhhBCkvoQIE6r0wRreccz3q79CrZcQ/ZFAJ6dZQFnuyxoLjysUyJz6jzWg7wZ4vOC6dxmwOzy0x42HDnFswEgYe2MLSgtqGZuinQLwBnepKDqignyo4UmuYcTlcGruAM4+qFUM/sNn7rprkJ5fWNUPJ0rsmSN+3TWzTnpDMtGKM1cUwvvsMb75ElhKrv30IWZAvkIDpwlbamIFcWxp6d/vCW3iFGW56atA3VYrJIo1bDYixm4hzTZVLAF6iNuRcqMiZyjYPMdX0ilrb85DLFOI+G3yz+76S85KA2YkOhVw8CVjL2Zbn5V4zfFCktieDqJ12rcwvgrzgA6kGvXw7mz9Rl6PlgiTwioj+lHhcSTTPsvxYFPyNBxtY=
Content-Type: multipart/alternative; boundary="_000_AM4PR0701MB2195208CA41C14108E5CD85AF45E9AM4PR0701MB2195_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM4PR0701MB2195.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ec577e0c-1a34-4ebc-64df-08d9df6a078e
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2022 18:47:53.5154 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Fent0F87TjUp0MV/r/9y7aYF5uaqiZBbjafzYzpqa0uHiZTpFfkvtdXNObeGMrhlTLhhfn51cX4bML0GuTJqsFjIQILGV6nh64dSWjz46vg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB4270
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/ostXDfl3nNYlH84F25hSbfCOmBc>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2022 18:48:03 -0000

Hi Michael,

We tried to separate SHALL vs SHOULD & ECDSA vs EdDSA (#22) from the MAC length (#209). See inline.


From: Lake <lake-bounces@ietf.org> on behalf of Michael Richardson <mcr+ietf@sandelman.ca>
Date: Monday, 24 January 2022 at 16:08
To: =?utf-8?B?TWFsacWhYSBWdcSNaW5pxIc=?= <malisa.vucinic@inria.fr>
Cc: lake@ietf.org <lake@ietf.org>
Subject: Re: [Lake] Ways forward on MTI cipher suite text

Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
    > crypto primitives. Existing devices can be expected to support either
    > ECDSA or EdDSA.
    > Cipher suites 0
    > (AES-CCM-16-64-128, SHA-256,8, X25519, EdDSA, AES-CCM-16-64-128,SHA-256)
    > and 1
    > (AES-CCM-16-128-128,SHA-256,16,X25519, EdDSA, AES-CCM-16-64-128,SHA-256)
    > only differ in size of
    > the MAC length, so supporting one or both of these is no essential
    > difference.

If it differs only in how many bytes are kept of the MAC length,
which means essentially no code differences, but 8 bytes on the wire,
I'd like to ask if we actually need both, period.
[GS:] To comply with the message size requirements we need the one with shorter MAC. Applications that don't have the most extreme size requirements may want to support the longer MAC. So we need to specify both. And as noted in #209 the difference in terms of code to support both is minimal, which is the reason to require implementations to support both when supporting one. If you disagree with that, this is a good time to comment on that issue.


    > Similarly for cipher suites 2
    > (AES-CCM-16-64-128, SHA-256,8,  P-256, ES256, AES-CCM-16-64-128, SHA-256)
    >and 3
    > (AES-CCM-16-128-128,SHA-256,16, P-256, ES256, AES-CCM-16-64-128, SHA-256).

    > To enable as
    > much interoperability as possible, less constrained devices SHOULD
    > implement all four cipher suites 0-3. Constrained endpoints SHOULD
    > implement cipher suites 0 and 1, or cipher suites 2 and
    > 3. Implementations only need to implement the algorithms needed for
    > their supported methods.”

I want to suggest that Constrained endpoints implement:
  (0 xor 1)
  -xor-
  (2 xor 3)

either eat more bytes, or don't.
The device presumably knows what it's Tx power budget needs to be.
Beyond that, it's ECDSA vs EdDSA here, right?
[GS:] In terms of #22 this sounds closer to option 1 than option 2, i.e. to not mandate that all devices implement ECDSA, or that all devices implement EdDSA. Is that a fair summary?
Göran


If we wanted a spare suite "in case", then I'd prefer to have Chacha/Poly.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide