IETF Logo Mail Archive

Re: [Lake] Ways forward on MTI cipher suite text

Peter.Blomqvist@sony.com Mon, 24 January 2022 15:07 UTC

Return-Path: <Peter.Blomqvist@sony.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 474903A0D62 for <lake@ietfa.amsl.com>; Mon, 24 Jan 2022 07:07:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.57
X-Spam-Level:
X-Spam-Status: No, score=-7.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sony.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TL-C_1edrUfm for <lake@ietfa.amsl.com>; Mon, 24 Jan 2022 07:07:19 -0800 (PST)
Received: from mx07-001d1705.pphosted.com (mx07-001d1705.pphosted.com [185.132.183.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6EE43A0D71 for <lake@ietf.org>; Mon, 24 Jan 2022 07:06:55 -0800 (PST)
Received: from pps.filterd (m0209328.ppops.net [127.0.0.1]) by mx08-001d1705.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 20ODBJ4F009551 for <lake@ietf.org>; Mon, 24 Jan 2022 15:06:52 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sony.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=S1; bh=LwRjXVVrNqiVBuxpSOroRMNvqmPHOjJN+Zj5fGZ8tBk=; b=D5dWxMyNhtSz5uQItpLEnf4Co6n21JN7Gq7KqGHazTCoBfreH3zBKFcB3Q6FKra6RAYF A3qauQF3u+rpbTA5ub9qR1XgP8pM/xSqxR7+RiPI/a+LWahVSX0gpacRoWuC73hch+yz 7RlTC7lE27Sm0+mjMNmnAEcK4bQO14FY1ob16ebABzRefu/jhZapxD7vHEToAWAAmELr yVtKdhikgu2U9Ixm7myQuBZWFg2MbSSMYpyvjQOgPE9RbbjzOtSgY5Ry/lBd7xa8UrzT Mjv2CSq9aHKK0bM5tlj7MYIbqdergOF9r0eBgP/kY6UVdNfhSEEmotrRCCCDgKRhnWeJ +A==
Received: from eur05-vi1-obe.outbound.protection.outlook.com (mail-vi1eur05lp2175.outbound.protection.outlook.com [104.47.17.175]) by mx08-001d1705.pphosted.com with ESMTP id 3drb3kafu6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <lake@ietf.org>; Mon, 24 Jan 2022 15:06:52 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WFoxODdYI7bZACMDATW8lbLC2vqkoRCnV71ZsTM/rvFYmXwuHB9ZcZiP+aMBwGh9ZNmOWvCmABCkTCo/0IUf9D3RDfOhHYzhGfqQkGLq1nx43PYylCBIfABRtkemx5e/cxYkkjegkkUGJAgjQ9uAIC9ix4914E7JT+XK7mHel66QAc7ojReqYTeRu39v8e+JQJHe5GvTyfmY9CHHyMhsmmz2xHnpWsr7f+Wqh8ESOEh+RW7UXf0i22JWs5kEaQirUeHcDdBHQrhzRSej1Qe7MxVHEZNtccGuqIpNggg07AKkeD6jIlSYtHvEH7cmxD6ksUZP91md6poPywpnbACxNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LwRjXVVrNqiVBuxpSOroRMNvqmPHOjJN+Zj5fGZ8tBk=; b=XqmaJX5tqiklEF0SJLgnfz0ay3YSURc8AKV9iVGwGfFmw8oSMwPA7ppmuRVkL3hdAqdPyLQ+KM0LsY5IKDureq4nZu1B4pMJNuXs/YdzL6Om6F9hY+crZ6OpKG789Z/yUNFpXaARIv/XDVtmzEQ6Fc3pYFQQHmVxUmzIqb7rHSfZEZW5i49nM8jthhOdRvxGJfpCMuYcl6iyhwX1lOeQdqx8Jh8GjbZPaBLQyj5dH6RLm+WpfGxRUN7c43IieYc525ijI13qI3GFvUaorMOwtWlSKytDImAfwtKylEGKeJboAtmUm2+jeIzntvxZ/7m5nvgx2IHokeR7EG/eC0YVOQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Received: from AM8P193MB0979.EURP193.PROD.OUTLOOK.COM (2603:10a6:20b:1ea::23) by AS8P193MB2112.EURP193.PROD.OUTLOOK.COM (2603:10a6:20b:44f::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.10; Mon, 24 Jan 2022 15:06:50 +0000
Received: from AM8P193MB0979.EURP193.PROD.OUTLOOK.COM ([fe80::d04d:f233:cb7f:35e6]) by AM8P193MB0979.EURP193.PROD.OUTLOOK.COM ([fe80::d04d:f233:cb7f:35e6%5]) with mapi id 15.20.4909.017; Mon, 24 Jan 2022 15:06:50 +0000
From: Peter.Blomqvist@sony.com
To: lake@ietf.org
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh+7dGT3LKZJvEyDUzfSJbWbxaxsWo2AgAADLYCAAADBgIAAEigAgAWXPQCAAEDQgIAAAIiw
Date: Mon, 24 Jan 2022 15:06:50 +0000
Message-ID: <AM8P193MB0979128BF2F7A1AB7064713A835E9@AM8P193MB0979.EURP193.PROD.OUTLOOK.COM>
References: <F4461112-A859-4647-B4D5-85E83A77803B@vigilsec.com> <C7D041C5-0BA9-4C1B-908B-883EE015F4E9@ll.mit.edu> <AM4PR0701MB2195B935724D8DF4EE9257D4F45E9@AM4PR0701MB2195.eurprd07.prod.outlook.com> <HE1PR0701MB3050AA43345FF0230EB2BFA8895E9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB3050AA43345FF0230EB2BFA8895E9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 66b01254-720c-4e8b-50ec-08d9df4b2632
x-ms-traffictypediagnostic: AS8P193MB2112:EE_
x-microsoft-antispam-prvs: <AS8P193MB211265122A443608F118216E835E9@AS8P193MB2112.EURP193.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: E6HiK0y9MwkvRwzOZd73UVEPFN1483MhqX8xWRnYfByUz7phQF2YmEJ3YosG74UOt9USqJxcpLlTsqYNpZD27l/NeUtc8VUttCHdZGLF+kf3iHAoq51gdT3yrCp5WECqLaJHz/jBcxMadTQrKh7MLS81/7NSimBHxHJ3RzQKF0yGPSKBd72ough/WEdj9uqtDyODQELBpZtT4y0QqAtZEJ8CQYZmZLg/xLDjfMT5855YWR8M6jHtSKlKw+T57vhdX93h2yX4YB6tFj9Dzn5zw3rBpNYPSz7hRXkRGZKuVmxIKIsDAvaPMGseD5P7gplz6IChCrYvMnIFBjyqAB/jD2I+uW72lrtdMIFteGUuy+w3YIatg1gK1sYCyLRLswX3XWPlYHzrOxuo2Ng8lX67K6iWtNwoexwYyzU0CMHUYZo0fMespdovEO8lUsR/muPQvTvKj25DIrT2Xd0yHZINudKOq192fcYwpODygXPGa+t8wi+3BKADUrTokAK8qI+8SPKUOhfSO7D4cMnFlrtake06liLN3sPKoZabalsgDfjDsm9sHA+xvNWB224ygxcJCjbQKyA/rWgSG1OYrRnnyK9wJjq6ArSyM5aXQUW8vnjzzQJe6g7uP91vEddfzrZzcx18umNt7TEJYPtItuUnPKChJNknxq2mWifVyEsoBPHhUlxap1oTokc+H+LIlIH6K5AkVZK6EKYNfvaCW3/8EaTZOjYCwsw/Nd/U5ga2601sasKaq5qcdZWGoJE04zepUKagW4KoHm7bczW0HYd7/sOxWSrcrp6pafW1j2mQ6I5JVaQSdC3CtVDS69tMmdIbGA2Nk7Ti6eq1rvVHGcPu2g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM8P193MB0979.EURP193.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(26005)(38070700005)(52536014)(8936002)(66476007)(316002)(6916009)(64756008)(966005)(122000001)(8676002)(6506007)(66574015)(53546011)(5660300002)(83380400001)(66556008)(2906002)(166002)(55016003)(76116006)(34290500002)(66946007)(508600001)(71200400001)(9686003)(86362001)(38100700002)(7696005)(82960400001)(186003)(33656002)(66446008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 8XPHrc+e6RB06jNfqZ44pEzpqNdzC2JgFjq93tRWaN3bs4BCkD/WgRGXIhBip2iwz0uv4inZJNd+2PaCQNbLztae6JStdCn4wM+KPReb+pXw7enGNcODAPObCK5A78X+z2QkXzjwFth8nqafjIO8xGdSeKRLrr/apK4VBdjc2lsHZ8XUzv27/zJhNQiSF0H4wrXC0jPApVLDzLgAwROOL/08W00wQ7nXutnT+8VDAlLTzeaoxuSMktyQSZHDKVdAaM6w8VTtJQR1UsKkAd4Bm+TaHMhmZOMTpMb++9hgQy0x3julW/Nky6P7/8d5RJQL+8tpHMchkyN3MhzMpIKtkaohDxeKVIt8YEnQTx3BQHoLhk1QXLZrTWTi97RSY/cSezBJFIcdJW3ipBU4VuffErmK2SdAs1UaZPEKwRYYQ7bywl+QhB8GVb5sWI6STLN6hvQdkU2/LYn4O5K4/+1yGKX7bMvwjo1AYqjdKq41HIaobZq8FoyPnI2Rni25/SKlM6T64/nzIHAC/aCJ3GzYWMI7aEX/jkk3UcJOuvX+vMiUEu+Nrpu4CXHraRlCh2KeqpsBOzdu0urz8A0L2tdFi8iQsF81oyhQFkgYFXsdxYXZ+hccfrChtLaCVOPG8T9ds6yozyqqO70yS/mubbw/S3ZeEPGws4+N5p8vrFeTNakY0hdJjaIut2iNdZeOR3gBDBy1rzPnbY2YcJPDdqaiYreYxGe1Ew6rUTd4+2HOSmf4iOUjBpgBu4amt0e4TDJSTO2TeBNlXKeZ4dtyLdWK0j6cntK2kL9N21KxJIrEH6J7GNFx6EnnjwPBSul+Wj3+jDhI0/MfmamU3h7bIcxshIJ5kNGu84wbGUR3I61Y7OSE06sRlxe3c/yuariPfDCE+4bfhHD07wWeMOiXtCQMecPqjcst0e5pqw4Az6Z7rNncftxBnuoSXvurA+T8c/adyyWakewsENv0KDFCMlrFcuvxKkATcryd7PbCEQvrliIjB4bG0ySLdc2D2QdMZuM58aVHJ6sGgci+b/qxoNWkZLydD+o5sO3B5uAKU/OQ3dSrZxYNFrX/ibknSc6hmPWKWl4C5zwfOb+q/yRf2RNVGFtebaV8F7FGiKKmBp/iNR4QUnbHayCSletlEbDQqHTPFkNGb/Zk+zD8E+wdXSfqE6zOwlYrtp56drcX+Y/Z2ZKq10s9uhjIIGOrIZAxb45POIRV3KQLrG0Mjgd9qBupsMQOZMu+W09q9rI+JnLuu6rmUECcIUGE+tJ81OE/kub0GpuHbD4mM9H0G1Z5J9yJcHQarO8UBEmUTa/hxdusmSTwH7gjZqE9Syix7psSqp3Lmag2XTmQMldLEhB4tUJ1RVlhK4BG58RJ/B5jrnALcGJJI6AaPiyYnzgANIWYL+3gr4ksmfs2jYCVcpV5P3qiMGUTkb9VwNsA20SdLZw+ikzcCdJ75yBhPhqxtOA7El9FDhCYn9avbzI0ITgALLYRvY4YreRgNJtDyqDdp47pRU2gKvj0VYSwsXud1PSgcdRWvM6jwgP08aDZgZuUrpRUFZiSOvkjUAFAcoLYItowUiIlsjEnlxJuIsl5MmGDW2lt5AzJhcV7X5GcOZxLkwSS+9XwQNDZ5s0jcDQ06xQrGAvRCIf6I8sdx1zbHjKfjMEyPgHvhYo3OCfsbv+O8Bdr6g==
Content-Type: multipart/alternative; boundary="_000_AM8P193MB0979128BF2F7A1AB7064713A835E9AM8P193MB0979EURP_"
MIME-Version: 1.0
X-OriginatorOrg: sony.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM8P193MB0979.EURP193.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 66b01254-720c-4e8b-50ec-08d9df4b2632
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2022 15:06:50.5071 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 66c65d8a-9158-4521-a2d8-664963db48e4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Nj7lm71w2ktPMQzr0bxul1nvYH3bFl3FnpfTZ5AtpjcRZQ6okUJCxHpmmo8mf7raNsRHFH7ygjCyz88y9uwriLKWPNwtZ0vYVCP5dWf/ia8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P193MB2112
X-Proofpoint-GUID: AepAoBzVDDT4vejviyricp9dYLfUULHs
X-Proofpoint-ORIG-GUID: AepAoBzVDDT4vejviyricp9dYLfUULHs
X-Sony-Outbound-GUID: AepAoBzVDDT4vejviyricp9dYLfUULHs
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-24_08,2022-01-24_02,2021-12-02_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 spamscore=0 malwarescore=0 mlxscore=0 impostorscore=0 lowpriorityscore=0 adultscore=0 clxscore=1015 mlxlogscore=999 bulkscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2201240101
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/pL6O7YEGX91z-sVZD4pNKlCjnXw>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2022 15:07:24 -0000

I agree with this.


Best
Peter

From: Lake <lake-bounces@ietf.org> On Behalf Of John Mattsson
Sent: den 24 januari 2022 15:56
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>; Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>; lake@ietf.org
Cc: Mališa Vučinić <malisa.vucinic@inria.fr>; Russ Housley <housley@vigilsec.com>
Subject: Re: [Lake] Ways forward on MTI cipher suite text

Hi,

I think the most important thing is that this MTI discussion does not take up too much time. It would be good to get this over with. I can live with both options. If we go with option 2. the only viable choice seems to be 2/3, which seems to be the most common in current implementations.

- As I said before I think a MTI cipher suite does not improve interop much. The cipher suite is just one of many parameters needed for interop.

- If we go for option 2. I think the the MTI requirement should be on the software implementation and possible to disable when compiling for a specific device. Constrained IoT is different from non-constrained TLS/IPsec in that closed ecosystems are very common and that supporting several different algorithms on a device might not be feasible due to storage limitations. Closed ecosystems with devices using 0, 1, 24, or 25 should not be forced to use storage for 2/3 that is never used. There are existing implementation of 0, 1, and 24.

Cheers,
John

From: Lake <lake-bounces@ietf.org<mailto:lake-bounces@ietf.org>> on behalf of Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org<mailto:goran.selander=40ericsson.com@dmarc.ietf.org>>
Date: Monday, 24 January 2022 at 12:04
To: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu<mailto:uri@ll.mit.edu>>, lake@ietf.org<mailto:lake@ietf.org> <lake@ietf.org<mailto:lake@ietf.org>>
Cc: Mališa Vučinić <malisa.vucinic@inria.fr<mailto:malisa.vucinic@inria.fr>>, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
Hi Uri,

Just to see if I understand your comment, I compared your recent response with the mail from December:

https://mailarchive.ietf.org/arch/msg/lake/1ifhkgxtqIHgt2AuQ6UMytkbY-o/<https://urldefense.com/v3/__https:/mailarchive.ietf.org/arch/msg/lake/1ifhkgxtqIHgt2AuQ6UMytkbY-o/__;!!JmoZiZGBv3RvKRSx!pAivuhagf1Q51Ty6XD_VmJOqKmE8WwuZxBtmEtpBBow0h5l1GSTguaGoAC8UovJn_L4n$>

I thought Option 1, i.e. having recommended by not MTI cipher suites, matched the position in the referenced email better.  Maybe I misunderstood something?

Göran


From: Lake <lake-bounces@ietf.org<mailto:lake-bounces@ietf.org>> on behalf of Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu<mailto:uri@ll.mit.edu>>
Date: Thursday, 20 January 2022 at 22:41
To: lake@ietf.org<mailto:lake@ietf.org> <lake@ietf.org<mailto:lake@ietf.org>>
Cc: Mališa Vučinić <malisa.vucinic@inria.fr<mailto:malisa.vucinic@inria.fr>>, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
I agree with Russ, and support “sole“ MTI 2/3.

TNX

Regards,
Uri

> On Jan 20, 2022, at 15:37, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> wrote:
>
> Selecting one MTI provides the broadest possible interoperability.  I think it would be harmful at this stage to divide the implementers into 0/1 and 2/3.
>
> Russ
>
>> On Jan 20, 2022, at 3:33 PM, Mališa Vučinić <malisa.vucinic@inria.fr<mailto:malisa.vucinic@inria.fr>> wrote:
>>
>> Russ,
>>
>> Thanks for your feedback. Could you state any technical arguments why do you believe that would be the best way forward?
>>
>> Mališa
>>
>>>> On 20 Jan 2022, at 21:22, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> wrote:
>>>
>>> I would prefer to see one MTI (Option 2).  I can live with that MIT being 0/1 or 2/3, and I have a mild preference for 2/3.
>>>
>>> Russ
>>>
>>>
>>>> On Jan 20, 2022, at 12:03 PM, Mališa Vučinić <malisa.vucinic@inria.fr<mailto:malisa.vucinic@inria.fr>> wrote:
>>>>
>>>> Dear all,
>>>>
>>>> During the last LAKE interim meeting, we discussed the issue
>>>> of an MTI cipher suite and we agreed for the chairs to open a
>>>> thread on the subject. As a reminder, the previous discussion
>>>> points on this topic are summarized in github [1] and in
>>>> John’s mail dated 13 May 2021 [2].
>>>>
>>>> We’d like to see if there is rough consensus in the WG on
>>>> this topic, at this moment in time. Knowing that the formal
>>>> analysis of the EDHOC-12 specification is under way, we
>>>> should keep in mind that additional input may arrive down the
>>>> road from teams working in the computational model.
>>>>
>>>> As a reminder, the most recently discussed text for this
>>>> is in a PR [3] and states:
>>>>
>>>> “For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.”
>>>>
>>>> The options we see at this moment in time are:
>>>>
>>>> Option 1: Keep current text as-is unless/until more feedback
>>>> is provided that motivates re-opening this issue
>>>> Option 2: Proceed with selecting a single MTI cipher suite
>>>>
>>>> We'd like to know if the WG can live with Option 1. Note that
>>>> doesn't mean you think option 1 is perfect, just that it's
>>>> something with which you can live. If you prefer option 2 or
>>>> some other option please suggest specific text.
>>>>
>>>> Mališa and Stephen
>>>>
>>>> [1] https://github.com/lake-wg/edhoc/issues/22<https://urldefense.com/v3/__https:/protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-ff26b0af930d12f4&q=1&e=2f7b2843-fdd9-4462-98d5-2e3b1dea8354&u=https*3A*2F*2Fgithub.com*2Flake-wg*2Fedhoc*2Fissues*2F22__;JSUlJSUlJQ!!JmoZiZGBv3RvKRSx!pAivuhagf1Q51Ty6XD_VmJOqKmE8WwuZxBtmEtpBBow0h5l1GSTguaGoAC8UopVCpboA$>
>>>> [2] https://mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/<https://urldefense.com/v3/__https:/mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/__;!!JmoZiZGBv3RvKRSx!pAivuhagf1Q51Ty6XD_VmJOqKmE8WwuZxBtmEtpBBow0h5l1GSTguaGoAC8UokTCVKbO$>
>>>> [3] https://github.com/lake-wg/edhoc/pull/225/files<https://urldefense.com/v3/__https:/protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-9795506a0cfc96b8&q=1&e=2f7b2843-fdd9-4462-98d5-2e3b1dea8354&u=https*3A*2F*2Fgithub.com*2Flake-wg*2Fedhoc*2Fpull*2F225*2Ffiles__;JSUlJSUlJSU!!JmoZiZGBv3RvKRSx!pAivuhagf1Q51Ty6XD_VmJOqKmE8WwuZxBtmEtpBBow0h5l1GSTguaGoAC8UokeLwENb$>
>>>
>>
>
> --
> Lake mailing list
> Lake@ietf.org<mailto:Lake@ietf.org>
> https://www.ietf.org/mailman/listinfo/lake<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/lake__;!!JmoZiZGBv3RvKRSx!pAivuhagf1Q51Ty6XD_VmJOqKmE8WwuZxBtmEtpBBow0h5l1GSTguaGoAC8UolQYwDYs$>

v2.23.0 | Report a Bug | By Email