IETF Logo Mail Archive

Re: [Lake] [lake-wg/reqs] Placeholder for resumption (e743c87)

Göran Selander <goran.selander@ericsson.com> Wed, 12 February 2020 10:22 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D9DD120891 for <lake@ietfa.amsl.com>; Wed, 12 Feb 2020 02:22:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bEjGLABpi3L1 for <lake@ietfa.amsl.com>; Wed, 12 Feb 2020 02:22:53 -0800 (PST)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2087.outbound.protection.outlook.com [40.107.22.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0482120169 for <lake@ietf.org>; Wed, 12 Feb 2020 02:22:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kvfA9BJfGoIbrD7vfR4wKQdiBbjzeESO1u7WKLf6U9xatPuQyWn7a3RunvuKAItDksZsPypxe2anWTqgb0PtR80RbVqhHleiK9MimUNsJ85UYR1u8kBNhqLdIQIYU38eAQNh4HlNyzOT9lt+C/6MLQmAbzf+a3GHJum/PAYjBRxN0PqroPBMcvkj6SoowaCjJfC1fVqDcSH29hlsPsZYFTejxEUNrkQSHonU4E9flT/Bq6sS86xStWPAQZ+f/FBbnyJ53oXV1UVfKU7TtrRb5FLhfdw7Dccuj+6ME6w+6aUieKG4Xg/7u8brMwwXzifU99kfPa+91z0QBZ0Ben0fDA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UUwW2GHZVNhF5t50JLmbPysvJzUbezhq5iSRWclnpME=; b=dgunco9vTxynjEyOVh8E6gd9Ct1S7pVOMe4g7f4Rel0IPyfY5103VsTesCMcqk2yW/lL0a5dqMI0Ld0a0aFqoiMyEgzCLh2Js2xsnpwbWwSNH/JoSk+AmYzpLxyaYXP5j3a4wBZ9L387bniDOwVD+Cq6P2lpcsyuWCTIiWSCd0QvyoemMh0tR/m/MvQg3mUDEawC3Z5nWOYcwvjU2x01oyLD3KEKyr1midr2ylLDBaUEEV3CVsa7O+tgVtRbxWFuYMsE6cIt72gYqc+CNr7WTuGnvkDfV1lj+F6hV3okkPp/MGVRrRnaP0XnUQLk9WoFooMS6ekeNB8S4j6jMLYW8Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UUwW2GHZVNhF5t50JLmbPysvJzUbezhq5iSRWclnpME=; b=CYm9p0X7ISOoTW3cZ6daLyJ7g3Py55YUWfvcFVOeIgXK64ilIhM9BzVO+lDxbD7gJFtKiw5mTvp75lLzE7o1IQgUsAhLse81cxNP9+zkiT2iDBE2leW42YpVaq0W5yZhC28S0ZbD4HpbNMRBuIpAt502vWOF1VPSIE2us/aSy20=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.163.140) by HE1PR07MB3436.eurprd07.prod.outlook.com (10.170.242.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.13; Wed, 12 Feb 2020 10:22:50 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::4d32:e953:5cf9:b55e]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::4d32:e953:5cf9:b55e%6]) with mapi id 15.20.2729.021; Wed, 12 Feb 2020 10:22:50 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] [lake-wg/reqs] Placeholder for resumption (e743c87)
Thread-Index: AQHV35z3/BI+wQu9Z02Y6Oh1GOCl8agUWT8AgAGhKwCAABBPAIABY5CA
Date: Wed, 12 Feb 2020 10:22:50 +0000
Message-ID: <A3B07329-5AD9-4C42-BC58-7F27B25179D2@ericsson.com>
References: <lake-wg/reqs/commit/e743c873a24f03c88019df5ca275660677f56e8a@github.com> <lake-wg/reqs/commit/e743c873a24f03c88019df5ca275660677f56e8a/37200172@github.com> <23690.1581337124@dooku> <CABcZeBMLBqOcK=Tb8qKw=MBpuF8pb5z6YR_N8YWS4pHp6zH+2g@mail.gmail.com> <2680.1581430212@dooku>
In-Reply-To: <2680.1581430212@dooku>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.21.0.200113
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [192.176.1.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6148523d-8d4a-499a-d86e-08d7afa5836b
x-ms-traffictypediagnostic: HE1PR07MB3436:
x-microsoft-antispam-prvs: <HE1PR07MB343647815CB0788729DDAC09F41B0@HE1PR07MB3436.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0311124FA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(346002)(396003)(376002)(39860400002)(136003)(199004)(189003)(6506007)(966005)(26005)(66946007)(76116006)(85202003)(8936002)(2616005)(81166006)(8676002)(81156014)(64756008)(66446008)(478600001)(66476007)(66556008)(91956017)(33656002)(186003)(6486002)(6512007)(71200400001)(2906002)(86362001)(5660300002)(85182001)(316002)(36756003)(110136005)(66574012); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3436; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: J6B+Bj62OlY58xR5ND/QK9P/F5Np+3i53PPgAku7+JLV+Lh9ibRvoLm1to70CyFdfdG1QdhuNFrkyh4oq6vjZKTJrP7lfTxJlsVT6WznUvw2AD/8034FbNt5zbdISvONJmF8mvikKL+3SmFsCg4v5XjES4+nicDe997yGmadxIW9emJ6P8Cmw4i8V4IWX+iUd8oRYn1eFwz4rAjMcp2e3Fcb90BwIowvFMhthJMbfCkMYgKRU6N0h+3hX7ufidj4XkxmpPZYS+ZiRXWFDpRGkJpbzeP7UhPsC/cjJ/ethe1vzcQ/2a2GtOvkLWWe97Lmt/foEpvQkjQLvI3h8GPm/OrhjA7e8AR0jwi9nsi1PJ+/a47imO62DaTYlphEXpi1RIMKVsWW9vte1+lLLdfzPGz3gfC0uBDlEFYlgW3HmbrhSOGnvATzDqn6gBunKXecGqbEn5mIyWZ8UADHCh2Bn0PxWmvrhf3FW64+QYR0wKX8ht8cd/6JgLnfCWNgLqtP
x-ms-exchange-antispam-messagedata: aLua63KHsOJccST6bBvR8gBIMAC+lFr88xgsxt+I79NG9vgw69F541QNkmKc0IvE0sxZ3WNDYB8T2DOIhcbShCCyo0JXMWP2XYSc/ziSBNlvRl+IxMyUAonf6lS8xdMH0+n23O7DTGCQZvISlS6f9Q==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <CB6308688FE66F4E8288BAE934928744@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6148523d-8d4a-499a-d86e-08d7afa5836b
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2020 10:22:50.4193 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MOEO4ODei1Oi2i9h7aswtdRRwBGNB/xsjkrR69Fod88HKt2E6Zep7/3mm3PXUhqDV9YUPR8D4lyer9XsRTAgn8HNq3k7/R2d6WXnZK58BUs=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3436
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/qY6qW7WwphS6ja850zX5Am4OdDc>
Subject: Re: [Lake] [lake-wg/reqs] Placeholder for resumption (e743c87)
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2020 10:22:56 -0000

Hi,

So, are we happy with the current text in PR #12?

(Branch "resum", section 2.4:
https://lake-wg.github.io/reqs/resum/draft-ietf-lake-reqs.html#name-crypto-agility-and-security
)

As I read it, the text on generating keying material to avoid "the need for public key authentication in that handshake" captures both the aspect of computation and message overhead.

As John pointed out, there is an efficient solution at the OSCORE layer:
https://mailarchive.ietf.org/arch/msg/lake/5DAmN2c7cOXCUej-4XRHxa18MIQ

Michael: A mechanism for "responder initiates a session resume when it sees an OSCORE context that it does not recognize" is included in appendix B.2 of RFC 8613.



Göran


On 2020-02-11, 15:10, "Lake on behalf of Michael Richardson" <lake-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:

    
    Thanks for the discussion.
    
    {editing}
    
    Eric Rescorla <ekr@rtfm.com> wrote:
        > Your question begs a more general question, which I think speaks to 'session
        >> resumption' situation, I think.
        >>
        >> And I guess there is distinction between:
        >> 1) avoiding expensive authentication, assuming a round for PFS.
        >> 2) avoiding expensive authentication, no PFS
        >> 3) re-establishing state after a restart, or a long sleep.
        >> (the responder might have expired the session data)
        >>
        > 4) doing an exchange to rekey for PFS
        >>
    
        > Actually, you don't need an exchange at all to get PFS: just ratchet the
        > keys forward as in TLS 1.3 KeyUpdate.
    
    Ah, good point.
    
    
        >> (3) is different in a connectionless CoAP situation where there isn't a TCP
        >> session to maintain.  Do we include mechanism in AKE, integrating into
        >> OSCORE, such the responder initiates a session resume when it sees an
        >> OSCORE
        >> context that it does not recognize?
    
        > Good question. I had mostly been thinking of the setting in which the
        > sender knew it was reestablishing "connection" state (this can be true even
        > with UDP-type protocols as long as there is a concept of association). I
        > think this is what you mean with (1) and (2), right?
    
    I think that this is going to be a common case that the initiator will not
    know it has to resume.  A responder ("Resource Server"- RS in ACE
    terminology) will have memory for N-crypto slots.
    N will be a number somewhere between 4 and 64.
    If there are <N clients, then all is well.
    
    If there are more (likely), then the RS will practice some kind of LRU
    algorithm on the slots.   It might be reasonable to partition the table into
    frequent callers, and infrequent sensors.
    
    For some sensors, they will do the key management once, will get an OSCORE
    context and they will need to do the entire session setup/resumption in as
    few as 1-RT.
    
    I think that ACE already has some logic here, but I am not sufficiently
    steeped in that art to name it. (I find I have to write code before I truly
    know anything)
    I think that LAKE will need to provide to rest of it.
    
    {I finally watched the IETF106 LAKE WG recording today.
    What time-travelling fun.  Especially at 2x playback speed.
    I think that I had RATS at the same slot.}
    
    --
    ]               Never tell me the odds!                 | ipv6 mesh networks [
    ]   Michael Richardson, Sandelman Software Works        | network architect  [
    ]     mcr@sandelman.ca  https://protect2.fireeye.com/v1/url?k=f93c2eb3-a5b6fa72-f93c6e28-863d9bcb726f-39dd4b02ebbaaf29&q=1&e=8be049c4-db91-4323-9f15-e2897e32190d&u=http%3A%2F%2Fwww.sandelman.ca%2F        |   ruby on rails    [
    
    
    --
    Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
     -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email