Re: [Lake] I-D Action: draft-ietf-lake-edhoc-11.txt

Göran Selander <goran.selander@ericsson.com> Fri, 24 September 2021 09:27 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A302C3A2072 for <lake@ietfa.amsl.com>; Fri, 24 Sep 2021 02:27:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level:
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z4e8usK58Feg for <lake@ietfa.amsl.com>; Fri, 24 Sep 2021 02:27:21 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2060.outbound.protection.outlook.com [40.107.21.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26A813A2070 for <lake@ietf.org>; Fri, 24 Sep 2021 02:27:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BoYI9vd8iEhguhBemXzwgIV5/DVsmEwFd6ZpYHwaLv7+Y42495v9MibO70XLwnDrYzbO57uhFj/UQ/HiKMBvIWLBAB/xIcroq899NrJ6brub1/YsRYNGMbYYXXL7954MYEQXRpRU21E1b35aRcFhTycJ/lC7MWJ1NcboqKQ119tGJvOLF6EzKSko1pZrCxzAEwm78CdfaGJVBK9lSq7Q5j143FEyE+ABEwq558xqSq8BSc6GQ8w6BPxtpd6WxV9srcVSAw0w5jtEToowxX1Uy++aqZEcDRA6uRRu647xgUP+/mbmtWp9CW8E5Ayc4oC3l5ZXrHzYBrUymLMv23cv/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OfDjl3+bEcLzw/dVnZoSqKO+v4cRHrqXvz53VrA4hQI=; b=Gn4oKZLCPaPaJGYMdYg1YBfk1aWDHUQwDPQOFphrnQ9g73rmV4t8fM1+WQK7RnczZPXKkWwiE/CppLM4hDQGvAw12APJ18yqRD3vZYFhhyaZtnAGMR3hJdSc8VFfyHfFQNQ0WGs8hUAPK8ptlehFEGLFq6Yyz68R2S8mqcEXEK117wFOtdeWq/07W0RmHG7M+uWIGe3GOgLPdXtfzTvSN4VYL2KIdcmTyRluobrGy4nyKy/I68NaBM4JltJqMRcZmMSlIAxZKofDIOyfTcWh0wrRrnv9aObs5C7YmjZc19Tx6TNpvtTr45Z+DY0mfDf6RWQa5zA6L5F9x4e2Ss+0Gw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OfDjl3+bEcLzw/dVnZoSqKO+v4cRHrqXvz53VrA4hQI=; b=dojtrZDjgdNBMKm56ysVKinPM4hzu6+z9siTgnv6n0M4Zb5pJKtIMGN5ThJvZkRvxokVgVKNcISI8xW0irjsojOnO1g8QLukXBzFfwsGUjka1A72UnQVrntinteqb2wjV3kNuPfi1Yrb8tOwIOEiA1MCVIA3HhtFIb8HdLhWRgg=
Received: from HE1PR07MB3500.eurprd07.prod.outlook.com (2603:10a6:7:31::20) by HE1PR0701MB2507.eurprd07.prod.outlook.com (2603:10a6:3:73::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.9; Fri, 24 Sep 2021 09:27:17 +0000
Received: from HE1PR07MB3500.eurprd07.prod.outlook.com ([fe80::bc2f:cb60:1534:245e]) by HE1PR07MB3500.eurprd07.prod.outlook.com ([fe80::bc2f:cb60:1534:245e%7]) with mapi id 15.20.4544.014; Fri, 24 Sep 2021 09:27:17 +0000
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] I-D Action: draft-ietf-lake-edhoc-11.txt
Thread-Index: AQHXsR9RE82cQ8vZAESE6WftlFKKLauzBSMAgAAG4IA=
Date: Fri, 24 Sep 2021 09:27:17 +0000
Message-ID: <4E6F8F98-81F5-4387-9674-D034022F52EA@ericsson.com>
References: <163247258918.10544.15057097586216868685@ietfa.amsl.com> <95530431-4330-4BD7-A729-1D8BC76231D5@ericsson.com>
In-Reply-To: <95530431-4330-4BD7-A729-1D8BC76231D5@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.52.21080801
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 125c2041-5ac0-43d2-3b53-08d97f3d80bf
x-ms-traffictypediagnostic: HE1PR0701MB2507:
x-microsoft-antispam-prvs: <HE1PR0701MB2507C2F82B6558B5EF617F4BF4A49@HE1PR0701MB2507.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: lr0CJxjRDYDYRpKcldV0sm5TtPkms6JEonSOT7hct4UjSe/C7CvM/sP3R00+6FQMfl7LO39B1ZvCkFF+8q4p81Xul7kw0rOWAJk08gLSbLm7gZKH5CKRNSphbPzpTL5uV9+5OSsaSfKF0QnDY8C0V/NmKymGIzCAvkUFUlcWmgVpiccC6YCyIZwRTw9DoEXrCAQRh1hW31fzGl8DHeV9Q0UenKWIv99USoQT1Jws3v8FM+c0wv5tnzfOA3BFmMnDJ4fyrKurf57/ADiBod2tnDe8b1uQ+wLkeUFzm7mMODps1LO8PNW1cpbNlrBqKhNn3GvpzG1yH71xTPGhlDfIsTK1KssGshbxtUuGhUNKX76m4sRm2GVFQoPth+XrckYh1DMcmtB/5JqMEU/ebcFyjMy+AQDaxZepwqrwavX2NEOsPpxyL9f7klyw5iR8XvIehr1O/1sGmuKGY1Hz6vqhVML8j96sTweGCdzQX4Ue2m7j7lc3VYvP3iwi7AZFOzWSXIFeeCve/mfHDYF5oWMn1cXl53ZeN4Zv27j/XVivAjamHt7PqKz4zt/bpr3/eh68AQ1BN6K/6ZGbW7f4jfkXPWVo+yUM9GWmN4ZTjaxdJdU6uOKKOj1Z0vWxU1fdAsk5PzApUI5RNOXZRS6vON2qZSHsVg/ZHS6PqVCMAlxSqPFu3r9aDgiJuW9YbAp2HjPawZtDXFEksD20Jio0yFFx38nvh34bkAmx4XNHbWausLIjQXeJDpwuq7yCNY6ZfXJi75rpYD36PzPL3+4T/pEf03kdJRN1LMq6iy8SW5dK+6clS7UX1D0FtULALfoC7ySwS1oLvtsfp05wBwcSrRxYcZS20QjC+KHswbEQdxWfRn0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB3500.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(6486002)(26005)(5660300002)(8676002)(8936002)(83380400001)(122000001)(85202003)(33656002)(64756008)(508600001)(38100700002)(6916009)(66574015)(966005)(36756003)(71200400001)(6512007)(66556008)(316002)(2906002)(2616005)(76116006)(85182001)(53546011)(86362001)(66476007)(186003)(6506007)(38070700005)(66946007)(66446008)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?U0dzWTI1dUhCTTdCVlp5cnI5V0JHZ3dlUkltRVJoWlBzTFcrNGFyeW4vNTNT?= =?utf-8?B?U0toelljeVJJd1hiaHlPTmhUQzkycnVvWk92SlI1bkdwUWVKUWNRcjlnaFhS?= =?utf-8?B?aEo0NlZ4YmFTZjNBbGxPdXd4N1pqZVhMMEQzaHlZcXV3SE1pUFRsWWFCN1gx?= =?utf-8?B?Zm9DdGpFZm5Oeitnb2hQUHJyVTU3N3lXMXZuTDEyYUlKekVPVTA0aDF5anpP?= =?utf-8?B?Y3pkdzVCaURwQUJyL2NQSlUrd2ZKTStJSTM2eEt2NTFTZjJpcStBcE5qZTdC?= =?utf-8?B?dnVTeGFpVWdLNC9zUXFvMHZtc3l0c2tUZG1ZdHhpbEh4ZkpDSjFrbXBwcEdS?= =?utf-8?B?RDNsYUJ5RmpSVC9rdVgvOG9TNmsxL2Rzd1BFejUvOEp3b3ZPRnNwUnFuUjha?= =?utf-8?B?NXBnN0k2RzJITDFTaEZiOFhoa2doajQ3MkFPNWVMdkhxeC90UXNza1U3M01a?= =?utf-8?B?eXR1VkJoVXRQdkFwTFVqKzgyRS9FNnFDTEVOdmNUUEJqeTcrQjdYRFJWWkpS?= =?utf-8?B?N3VzMWJjdmp0V013YjVYakNUbjh0ZmpMQis3Q0ZiRXA0b3NxcWY3MGVwUVFh?= =?utf-8?B?MXdocVY2TStaZlNZMDZIV21ONTM1cFJoTGtlYVdrS0FLbVZzbytPdElXL2lk?= =?utf-8?B?UmVaUXdrSFJtRlhvU1A3a1NTVVh1OEgrNjc3WWd5aWFUbTRYNk9jNllHckxI?= =?utf-8?B?eEVyRHpnZTlYQitleS9HYVF2RnBVN3Y5WlJxdEtXK2lxcmZSVnZ6MEV5R29r?= =?utf-8?B?Z3pvOG9hY0xtdXBLRWp5TUwyOFYwelFiZkh6QUZjSHQ2S253Z2hwQXlFNDNo?= =?utf-8?B?V3gxak1jWHowbDBMVko4UHNrYUluVE00Q1ZlVVdockFJS1BOVkkxRXBxMU1q?= =?utf-8?B?T3VJZ2Q5RGM5SnBybXYvd1p5QWdkVGxFMi82blV2dDV5MDF2Q2J4c3l2VW5k?= =?utf-8?B?RFFML2NkeVRKWjFBWmpjMlZWRHJnckNTcDA1ZTNjWkplSzA3dEVrdjg4aDhM?= =?utf-8?B?WWVjUnFQbVVxQlp4WjBGeUx6V3RzV0dOTFc1Nm1qK2VxZDY2RWQvb05qTFk5?= =?utf-8?B?Qm85OHNWb2lnREREL0U0TktvS3JYbVQ0eXBPcnFjRUVGYzFXYzZoa3dMV00v?= =?utf-8?B?RFU5VVhXYVJtL1kyUDNUZUdDT3lnVERkMnRXMWk1Z0NXNHpYaTlhZWRBSjNY?= =?utf-8?B?bWk1S3J6eGdES094aEpYUFEzNlBqZjZFeTlSV2FBTlM3T3hpSnkwSThoczAv?= =?utf-8?B?NFVGdlZaZHR2Y21nOUFobjZ1T3BhMmVGK3UxNlJRZFBOZnNjczhZZExoMHNT?= =?utf-8?B?WGVucENhSnNWMG81NTNjQ3NPUE5sK2hoeWpUelA3M3VCMDhpRE9IQzM2WWox?= =?utf-8?B?M1VOeVhoVW90cEtsWnMxa1FrVnQ0MDArNzY1UWs0VEl6R2lNTFZidk9DVTVy?= =?utf-8?B?SjJMWWRsRStzSU5JdmtlcUR5YlQ2K1NPTXVucFoxcWVKcWtHVXoxNFhOMWFQ?= =?utf-8?B?UGMrOVlkWEtrNjE3YTF5Nnl3alBoVnRiUndEMEp3VW54d0FrRWxmZ2hPeWdi?= =?utf-8?B?UUhEL0czYjB5SHdrSkFIVGtPTVYwTU43Y05qUGRPSkJRT2RSN3ZkUzVTelBt?= =?utf-8?B?OXk3R0FNUHlrZFUrbjZxMkw0WUZRY21TOWtQUWhyMlZ1TW80U09ZMHRCQklw?= =?utf-8?B?MmdYZXlhM2lYaHNJZjBSWml5S0N6Mnd5enQ1aG15RHljZTFIZnNmUG1NTWF0?= =?utf-8?B?QmhsU01sY1VZTGgyMHNwaWtLM2Y3NHRBd3RwMmhOeFN3WWFQSmMyeHJvZ1N1?= =?utf-8?B?ekZXZmtQV3dDclBCeU96Zz09?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <A383CBDF8E983342B1E4C7A55F6CFEFA@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB3500.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 125c2041-5ac0-43d2-3b53-08d97f3d80bf
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 09:27:17.8365 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: N8VXrltXFhmKFCAKBumuB9pvC6E9ODq8d2REc8AX7U3zTGzK8/fMC0keNhkfKh0tktp0hQQWV+Sb7ebZyztm/yp8aj8cuihvjHNIJ0IBYG4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2507
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/qpTMIwoBBnIJbMRDKi7s9CGJTpU>
Subject: Re: [Lake] I-D Action: draft-ietf-lake-edhoc-11.txt
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2021 09:27:27 -0000

Let me try again. 

A new version of EDHOC is just posted. We think this is ready for interop testing and reviewing.

This is the third version in a short period of time following early implementation feedback on the major revision -09, and a design team meeting discussing some aspects of -10.

The main changes are listed in the mail below. To highlight some, there are a number of changes to labels, syntax, etc. These changes have no significance on the overall protocol but impacts the test vectors. Another change with similar impact is the change of the info structure used in key derivation, where edhoc_aead_id is removed since we realized it is already included in the selected cipher suite and thus redundant. There are also more details and clarifications about authentication parameters. 

This draft is complemented with a new version of the test vector draft, updated to edhoc-11:
https://www.ietf.org/archive/id/draft-selander-lake-traces-01.html
A more extensive test vector suite in JSON and related code that was used to generate them can be found at: https://github.com/lake-wg/edhoc/tree/master/test-vectors-11

We are looking forward to feedback, at the upcoming LAKE interim or whenever, in particular what people think if this is ready to progress. 

Göran


On 2021-09-24, 11:03, "Lake on behalf of Göran Selander" <lake-bounces@ietf.org on behalf of goran.selander=40ericsson.com@dmarc.ietf.org> wrote:

    All,

    As announced we have uploaded -11 which addresses all protocol impacting issues known to date. We 





    Restructured section on authentication parameters
    Changed UCCS to CCS
    Changed names and description of COSE header parameters for CWT/CCS
    Changed several of the KDF and Exporter labels
    Removed edhoc_aead_id from info (already in transcript_hash)
    Added MTI section
    EAD: changed CDDL names and added value type to registry
    Updated Figures 1, 2, and 3
    Some correction and clarifications
    Added core.edhoc to CoRE Resource Type registry

    On 2021-09-24, 10:36, "Lake on behalf of internet-drafts@ietf.org" <lake-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:


        A New Internet-Draft is available from the on-line Internet-Drafts directories.
        This draft is a work item of the Lightweight Authenticated Key Exchange WG of the IETF.

                Title           : Ephemeral Diffie-Hellman Over COSE (EDHOC)
                Authors         : Göran Selander
                                  John Preuß Mattsson
                                  Francesca Palombini
        	Filename        : draft-ietf-lake-edhoc-11.txt
        	Pages           : 79
        	Date            : 2021-09-24

        Abstract:
           This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a
           very compact and lightweight authenticated Diffie-Hellman key
           exchange with ephemeral keys.  EDHOC provides mutual authentication,
           forward secrecy, and identity protection.  EDHOC is intended for
           usage in constrained scenarios and a main use case is to establish an
           OSCORE security context.  By reusing COSE for cryptography, CBOR for
           encoding, and CoAP for transport, the additional code size can be
           kept very low.


        The IETF datatracker status page for this draft is:
        https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/

        There is also an HTML version available at:
        https://www.ietf.org/archive/id/draft-ietf-lake-edhoc-11.html

        A diff from the previous version is available at:
        https://www.ietf.org/rfcdiff?url2=draft-ietf-lake-edhoc-11


        Internet-Drafts are also available by anonymous FTP at:
        ftp://ftp.ietf.org/internet-drafts/


        -- 
        Lake mailing list
        Lake@ietf.org
        https://www.ietf.org/mailman/listinfo/lake

    -- 
    Lake mailing list
    Lake@ietf.org
    https://www.ietf.org/mailman/listinfo/lake