Re: [Lake] March 31st virtual interim minutes

Göran Selander <> Wed, 08 April 2020 09:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3E9653A101A for <>; Wed, 8 Apr 2020 02:56:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.268
X-Spam-Status: No, score=-2.268 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id kT4KSlJN5fQd for <>; Wed, 8 Apr 2020 02:56:29 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D225C3A1015 for <>; Wed, 8 Apr 2020 02:56:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=XR1MCYNtIAYlvpBtRE9a9DTaQ/TuKrApfvcAk7xl8YhzmIxUuNDHBcH3GHrhMHR4XhMCd0ZYPu8pYDnlTWP73GUHTk17rsbhcmXZmHM91pyXLkTnX34M+qT6ZI8q0czgLC8qPgArofVx7hdX2M5Bj858LfASyEvZI5ENRKJQKo7jQHwfOkTjgtrs9++G/wzKjQs+oo3nZD3W88OxviVLUglneuEjtqgk7+JTSz15T39PZzWZ5PxefuOajsWQgsupoHJfzVz1cSNLSQ2K5CAy0A6tVo12dNvLjRfZL8HcSgxeTR868LVaTD55yo6j2qtBa5RqtfNrQ1J4e/6J57l9IQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9zr3pLpdmOm70IH4p+tXDw31Wa5ujFF0sYyGuz38paU=; b=IK56py9NrTi6wLghPC0aPbSkbWpf6hoywlg8cWpsbH1L4u8Sc47hRiOMLH8lyIyjtSM5sXzeDGdR/4dLMRs3dvBYge4tE/WspL2mFcieDUziLUV5U9i3CV9av6gbnqsKmvOlT5ggx5qI8F1w3gVx417Ppckva7K5yP8rOB+GJNrPe5Ry2Y1BNYbGTAGNsPjJefL2lv8Zzdoy+CPQQwjN6S1+b8YcyuWT9RDwDMj1HdOV5iAZWgcBc0T1Q1CVttGJsFqAW7qwqCEPA2khfMIxDmdQ352GKRxYkNSV2f/+hiLnoC57WyDfy4MTaHH3xBJQ4hYRz6rDVTI/ZX7eeONFfw==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9zr3pLpdmOm70IH4p+tXDw31Wa5ujFF0sYyGuz38paU=; b=uQQTdOox6se8tRjiQBqOXNNEJGm9/4KjcVU9hrEy0WzHsOhsvO5e30hjX0Mh0coMABXo7epCgf89WosoONaC5imCKVIf+09nR4y7R+4q0rijxRN6a1aWj0t7f3x0vgAW8gVioJ3mYZ2QcBqDYMSnWU8QorN7lh8S7aMvJPwdYQc=
Received: from (2603:10a6:803:9e::13) by (2603:10a6:800:136::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.11; Wed, 8 Apr 2020 09:56:25 +0000
Received: from ([fe80::7c90:eb1a:e7da:2321]) by ([fe80::7c90:eb1a:e7da:2321%7]) with mapi id 15.20.2900.015; Wed, 8 Apr 2020 09:56:25 +0000
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <>
To: =?utf-8?B?TWFsacWhYSBWdcSNaW5pxIc=?= <>, "" <>
Thread-Topic: [Lake] March 31st virtual interim minutes
Thread-Index: AQHWCb8n5YThMkwiykuefoFq3Lmp3KhvJfUA
Date: Wed, 8 Apr 2020 09:56:25 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-GB
user-agent: Microsoft-MacOutlook/16.35.20030802
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f82c767d-a999-4b79-ba5a-08d7dba319bf
x-ms-traffictypediagnostic: VI1PR07MB6302:
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0367A50BB1
x-forefront-antispam-report: CIP:; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM;; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(396003)(376002)(39860400002)(366004)(346002)(136003)(86362001)(2906002)(2616005)(76116006)(66574012)(6512007)(64756008)(66446008)(66476007)(186003)(91956017)(66556008)(5660300002)(66946007)(26005)(8676002)(33656002)(6506007)(110136005)(36756003)(71200400001)(316002)(966005)(6486002)(85182001)(81166007)(8936002)(478600001)(81156014)(85202003); DIR:OUT; SFP:1101;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: SRwFPR3KiUQNFitbze0kmPF+SodfdiU7y78Gdog9eKBbxQfWR0/gTsecjEoR6r1//VoQGK8SmNZkEhJAjRS+U9AGCH8PGev9ckmNBGi80c0JrPRvshwUDILdyq4JOg/0M4Nccq+F+0EnPT5oldVhwcUxLwGo6jxjTiC9jpyWpDdYERMAKyGN9g09DK5K1d/GqGYvBQOzNdql0E+yRboUG0+n1zaGSs83pZIoTeQpPePAYt9+qBQn0fP5Lws0n7JjSHiW67zTtw6LlVAiLj9Tmld5d/xx4HcaZwaPsv6pA/NG38Efjd9DR5iEtvdIUp4makD1IHxKGzJFyGVu0GOygtasLZQai2fVOH8cWUp26Y69lbelXWmw/7KXdvZpAgE2N3UCQ1+rrhM6LswgNuONQKRw/nq1e+1xoQ9wpWmPUY+PnRpfmA6P57OxLOS4u453QkPGfFpiYwcjXSqHX5auF4G1ePRR8SCtc58qeEcZl4gxlkEuIazEmb1UgZdfUb4sNwLYdjOmCBwAti7SlDs2iw==
x-ms-exchange-antispam-messagedata: u7lEwaoQg5gyQlMuOrAQX5uPYneUbUIaVhDYFwE6AHOWPQxcrsIv3FB74hmWvzblLyQkXUT2d6kMH3FN6Q8gJkbZSnRfK/780C/pIq3VPNlBtIRisI/i9HFScM6e+8XVfcrHyVBnFCtwUD4FzTMxeg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f82c767d-a999-4b79-ba5a-08d7dba319bf
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2020 09:56:25.1713 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: anc139bx3eatfKJTInN7HrEozM/CjeFc5T8Om2ZZERP2kEfdSDCZpiFZPgS2MJTvQci+4DRiqr4YIcht4GApFG6/15wYmg1Lxey6UyBPu0U=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB6302
Archived-At: <>
Subject: Re: [Lake] March 31st virtual interim minutes
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 08 Apr 2020 09:56:36 -0000


I read the minutes and was reminded of some things that were not adequately highlighted at the meeting. (Not saying that the minutes are wrong, but the underlying arguments may not always be easy to follow.)  Some comments below.

"if EDHOC is going to be only solution by this working group, requreiemtns are secondary"

Note that the current charter says there is going to be *at most* one solution in LAKE. Note also that CTLS is already adopted in the TLS WG, and it does not have to comply with the LAKE requirements. Putting the current charter in context there are essentially two alternatives: Either we adopt a solution complying the LAKE requirements or we close down LAKE.

"existence proof"

I think this refers to section 2.10.4 where it says that it is possible to design PSK ECHDE and RPK ECDHE with 3 messages that fits into 1 fragment per message for the benchmarks.

"it is unhealthy for IETF to standardize a large pile of AKEs"

One thing I think is unhealthy is that we don't have a lightweight AKE to key constrained IoT deployments. The problem is not that there are too many AKEs in the IETF and that we don't know which to choose. The problem here is that there is no RFC or adopted AKE that is lightweight in the sense of the LAKE requirements.

While it is not an objective to make LAKE a general purpose AKE, the scope of LAKE should be driven by the use cases, the lack of other solutions, and the ability to reuse LAKE as the security setting change, see migration path in section 2.2. The whole point here is to simplify for developers when moving away from PSK to other settings without having to replace the implementation of one AKE with another.

Having said this, we can and should still reason about the importance of the different settings as in "Ben's proposal for a way forward". One important case that was mentioned by Michael in the meeting but not captured in the minutes is the requirement to support certificates by reference. Clearly certificates are important for many IoT settings e.g. facility management with a large number of devices from many different manufacturers. But, as was mentioned in the meeting, transport of certificate chains is not expected the be lightweight and therefore of less priority.


On 2020-04-03, 15:52, "Lake on behalf of Mališa Vučinić" < on behalf of> wrote:

    Hi all,
    Thank you for attending the meeting on Tuesday. We uploaded the minutes at [1]. If you see any errors, please let the chairs know. 
    I have also created the github issues corresponding to the action points on the requirements draft [2]. Let’s aim at having these completed by April 17th, 2020.
    We will follow up shortly with the next steps and the Ben’s proposed text for a way forward.
    Lake mailing list