Re: [Lake] I-D Action: draft-ietf-lake-edhoc-10.txt

John Mattsson <john.mattsson@ericsson.com> Mon, 06 September 2021 13:44 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14573A0B95 for <lake@ietfa.amsl.com>; Mon, 6 Sep 2021 06:44:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.452
X-Spam-Level:
X-Spam-Status: No, score=-2.452 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xDseS-3BlJY4 for <lake@ietfa.amsl.com>; Mon, 6 Sep 2021 06:44:54 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80070.outbound.protection.outlook.com [40.107.8.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85EE13A0B93 for <lake@ietf.org>; Mon, 6 Sep 2021 06:44:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AXP0PUEKd0vf3QNjEL7rwdvLCZPVfAY6j89grqoF6ljFkIs1mjOq9vogtAziLoVN2tpRfaioRMf4TPLPszxjiZAQb+s7If+zAVd3lTLMjmuQP5KTLJdHf5bQo3GeNvXS+4d20e/7kUdmnb8CZtAf8E84kTfx4kNi+OiFDDDiEArzSNpL4sB2iF09L2R71aZVnTqJqKkfRKXS6fRN8tULBUMpnSuwiG02oiwB9vS7yrnWSrLyaTej8hNt3Zh4X3K8vZzNcGPJkXf4GHuvrEAJ4/FDiY1FYenPoaJdOMDqRcAG+r6EPqw4IzPp23NPq8C7tuii9GF0zMMo8bUj/aV28g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=OebF7W1+1tfH41t4ymc7TpF+EkxBiNPkvrFqA6a7/90=; b=VN1Y3HkX/W5EolTkbZvYyeL1u4mb9aFJe6gRm2qutm6NMlKyXSPq9+MQhAL9QK9uOi5hs5Rsphxl4J+QslTxOlLnf58m1JfTTqXG1fRkLd2Ea74G72TbonM7c4Ax7Ycya/PoQ3Nm9LHlGqypGXta16+tU00gSP2Y/8E/Dqu0kejiEKqwzFLNSZ9e5tGfC9BwsyoWzqjh/nueCEWcWQHk15pFmounVw9MXUaSgKvbm11szKMdl+2snBv2lx5/ngP0y//EFErIbrhtWfq08ajZBp88ImG2cmO1Nc53yuM6ur/bPIKExDh+kNwrjxK4g17mD+WhNoRFkljF7sjksggdyQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OebF7W1+1tfH41t4ymc7TpF+EkxBiNPkvrFqA6a7/90=; b=FhtetbgvmKbgFoURXLJSjxfAWkINdzktbgDezZ9up+py+0y/zCOUlFTDDQCPDsXLLVKD4mos9fs6R/BCcPwZTTDZYnn5JC1fRGQ7SXqEDjTrjmionHH2DZegirlyyaB9QQ2r3F7jLTfKfbgcGia/7+SGU1DrEWE508CLhRWkQW8=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR0701MB2140.eurprd07.prod.outlook.com (2603:10a6:3:2a::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.10; Mon, 6 Sep 2021 13:44:51 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::d012:63e4:344b:a81b]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::d012:63e4:344b:a81b%8]) with mapi id 15.20.4500.012; Mon, 6 Sep 2021 13:44:51 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] I-D Action: draft-ietf-lake-edhoc-10.txt
Thread-Index: AQHXoa3oYQDfBD4qdEGHNebKvFC1Z6uUGmqggALsJc0=
Date: Mon, 6 Sep 2021 13:44:51 +0000
Message-ID: <HE1PR0701MB3050C7B8D60741F2CD42A78889D29@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <163077455804.21500.299011346448018504@ietfa.amsl.com> <HE1PR0701MB3050DDB7DE8073681465D18E89D09@HE1PR0701MB3050.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB3050DDB7DE8073681465D18E89D09@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5366b298-57b6-423d-5f59-08d9713c8057
x-ms-traffictypediagnostic: HE1PR0701MB2140:
x-microsoft-antispam-prvs: <HE1PR0701MB2140F9B450445A46A9E7620289D29@HE1PR0701MB2140.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QASm9N0tyfyaI5KCuBtJLU5/7gu27YArgA3kqqTMQS2YH/OvZtS1BHz8gZBRcxI8x0B2NI0Gca1XaP6eLge7yTZOJOUR1GBP3rh1k0aM/Svp6YAaa6HfaETj+RR4Onsimjk5x9ikQDVpacYAwtvMxBiX8ouSfh/kLXbPYGzeo0yaP8Ke19v/5e4G3eXZmW9/1Rwnr+/piejTo5OjhC49xvoqNVC3ESlWEpH0l3yCLLc2AEUwyhGagKcS62UUAdwhxe4kIM72ia7N0aEX2L9B2Z5p7SQbbH2ietPSIkLzNLzhyfD3A66LO+3ncgcq63FaTheK6bLrFy/NMpSggiTXBukCS7SZbYapQOKP6ShMkkHg9oHAjCc4YjatP0rG6z87cZTPr/Za+NxeUnsE/FDUkS+aR+M/MpuYcllzHo6XNoX67Li3bPbzE/XFKJNcu7iyv/LD1Sesbsij70N76XZoZN8CWIbT4lLeL2HqO6dX/KO0r9kRA+XvoaYGWzxw9sTKg7GBRiE5/T1uI00e2/moKIXA0cheACY4zU/jo1s46YYWJz+Xyu3IkFBCyXc+OkHP0jbRbDCrvfXkcaFaO0nigJ7PxRfBw2u/AgqJyvVTSt4Fseo22yvoxJ9sbsio1pLNsb5RfF4GZjF5VbygC+j+aJRM+TbousbQLd+SbGflRejUAQZTRwGzkqWdKT5+pggQ6I7NudJUICQUpv6MpmsNo/fo3J74qmmhMoq0wGKDX1+/9NzHD9/Eta7Z7HJZ1k+ETL7RBNaR5Vc4ABi575VKDDJ62CFHU6K4zC0+ooVtwx9r+zJm1x7XPDTYAN6kuD8Gpxh6bNnjsMyOjqXQHOiMuA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(8676002)(8936002)(186003)(76116006)(38070700005)(2906002)(86362001)(55016002)(9686003)(26005)(7696005)(71200400001)(166002)(38100700002)(122000001)(966005)(53546011)(6506007)(316002)(6916009)(83380400001)(5660300002)(66574015)(52536014)(66556008)(66476007)(44832011)(33656002)(64756008)(66946007)(66446008)(508600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?wAmNB49N+O4El9Tz1nwm7TG+twOeh/0SDaSWIDiWDchLvSZ3O1kA51t5hr?= =?iso-8859-1?Q?vuEdIMz18Uoz0/D6KOrwLmL8D35MrEycNRB9ok6bJlRgEhvNcUe2tnU5Io?= =?iso-8859-1?Q?gj4eHifpeyp0wAfORZHVZTb6X7mUSgMF1rZ5dyXhoZLhO6x1vrV2nfV7Vm?= =?iso-8859-1?Q?41QQWvbBJluNa8RphNSVXFf5433oXgqJMwF0oEMPSfXhAkr8iNe/igoSvj?= =?iso-8859-1?Q?9laB5eB6VqYGXDT4VqchEpvToUu4vDFEGLh1B1q6mrM5O3wWT2mKBZ0psh?= =?iso-8859-1?Q?VUF+OUKC8qM3mLyJ4/cJpyTFSe+z0oeeV/NMDfbmGryul133ZhQ86n+Kqi?= =?iso-8859-1?Q?ewZSz+IFKKEmtcvFd/li2KFnWNI+baqYIpgaBdndBvZTHZOzpP4RpyCk0P?= =?iso-8859-1?Q?ooGm0U+kIQkkM4T6p7cqZ3BKvH5QN4U1+e18Ol2szfi5u8vjUpjtkTvnjN?= =?iso-8859-1?Q?/WH2yRVW3X8fvguVWLljesDjDGmH7NHtfBVC2hZDwh/Zxw7NtkUEvYV4p9?= =?iso-8859-1?Q?F4DrFmA856H7QhuFsBT7W8g8opopta1HF+zTuloKKGUrbr5o9R2lTjo12p?= =?iso-8859-1?Q?Vh4f6lY9owvp0XoiiwoSw0lnPwbD9JZzlW/qiOtStbZ+cG7ndyunxCF0Tg?= =?iso-8859-1?Q?t4mK84rEQ8CnsBsje1ztWsGFUhy8+e+0vtONBSRb+Nhr9AxE9B3yxSO7qu?= =?iso-8859-1?Q?pXvM/PY11n5rREX5iSfC9eoV/Ykv84af90Iec7brhmz/uhtNJirHGXeQHG?= =?iso-8859-1?Q?3BHcxQ4a7GPe5cQDSEDZrujBtarrhBoo7okjV+f0Pq7HRfMv7EghDRvqwA?= =?iso-8859-1?Q?hxzj5sTcO21iTh0d0Z6PlIkAFEs8u+OES0fXA5AEF1mGMSeqJYXYb/j/fz?= =?iso-8859-1?Q?A/KeSX14vX+GW/ZYlsjjXqrwZVRqwZZ+GxRHoe9UnpU5+qLm+g/9/cXNLa?= =?iso-8859-1?Q?Y8s+neamPdOeFO3D0Ueccw4v90MO/sSjOK1A7RjqDsPTk7igz4wdPjPa8+?= =?iso-8859-1?Q?m6dtxWwKl4yOBguoqm7mXh0tNYvxY9/iqxsj8OPCJFBtgWmbTtSmPBBi1Q?= =?iso-8859-1?Q?ERKSHa0NpyGJh2tz5K/WVSp1iO5kvllOrbQZSBxfXTuw3SNGkVhExdBVis?= =?iso-8859-1?Q?QpO67j+Abgiau9UbcdPJzollBYrAaAsEfDVntEJGxUgVayLgzOZmVxhbzO?= =?iso-8859-1?Q?t4VwEr+hLhKivtcJUCWOjSDvR19r54grIAspD/2/eg3WiKHRwEO2pZPzOW?= =?iso-8859-1?Q?AXPog9z2d0no1pVwA3BHaE9hePrlLUdicvm4AHLoMKdkvu4ljn9HW98YWV?= =?iso-8859-1?Q?SW4pTgbz+Ql9gBK4pLPHvkfD4v/hXsMBOTvDMi1Rynngq0p+pK3VuNtVUz?= =?iso-8859-1?Q?ituohytDb8g2MR8GxV9XreAkr96p/Njg=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050C7B8D60741F2CD42A78889D29HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5366b298-57b6-423d-5f59-08d9713c8057
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Sep 2021 13:44:51.2982 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Gd0MKy+1gCDwiOAyDc0/PnaE2SuzKTH9TC4GFfN5ST99kIpcDNRMwP4kwbOERhh1gWw3/ZgXl58scm9v9RyKiUOc99kSKaB7jKf4xpCdH0c=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2140
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/rFXYHthAfA083hzGnZsXe0gp0AU>
Subject: Re: [Lake] I-D Action: draft-ietf-lake-edhoc-10.txt
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Sep 2021 13:45:00 -0000

Hi,

I very quickly transformed my -10 test vectors to JSON (or almost JSON as JSON forbids a trailing comma and I was too lazy to do that).
https://github.com/lake-wg/edhoc/tree/master/test-vectors-10-json

I just quickly tried to convert my test vecors to JSON. I tried to somewhat align with Timothy, but there are some differences.
https://github.com/lake-wg/edhoc/issues/78

In my test vectors, names ending with _raw is not CBOR and everything not ending with _raw are CBOR sequences.

Happy to change my JSON test vectors to any format implementors would want for interop testing.

Cheers,
John

From: Lake <lake-bounces@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Date: Saturday, 4 September 2021 at 19:35
To: lake@ietf.org <lake@ietf.org>
Subject: Re: [Lake] I-D Action: draft-ietf-lake-edhoc-10.txt
Hi,

During implementation of test vectors for -09 we noticed some minor problems that required updating the specification. We
felt it was important to quickly publish test vectors along with a matching specification. We have therefore published -10 with the following changes:

- That the application was able to input a CBOR sequence in the exporter could lead to info not being well-formed CBOR
unless context was validated by the EDHOC application. Context has therefore been changed to an ordinary byte string
(wrapping the CBOR sequence in case of MAC_2 and MAC_3).

- The flexible truncation of SUITES_I led to a lot of questions from implementors a year ago and the test vectors had
previously been simplified. We now updated the specification to always use the maximum truncation of SUITES_I following the
previous test vectors. This also means that the selected suite int is no longer needed which saves 1 byte in some cases.

- The UCCS example was missing a 'kid' parameter which is needed to use it by reference.

Updates to the COSE IANA registrations:

- CWT and UCCS now has two separate header parameters 'cwt' and 'uccs'. They have quite different security properties.

- We noticed that that there is a third 'kid' parameter. The draft now extends the CWT Confirmation Method kid
parameter to bstr / int

I have implemented test vectors that aligns with the -10 version. Source code and a text file with a several test
vectors can be found here

https://github.com/lake-wg/edhoc/tree/master/test-vectors-10<https://protect2.fireeye.com/v1/url?k=70766edd-2fed57f6-70762e46-866038973a15-d46f3b783c4a1890&q=1&e=6131de5c-08be-4ab0-9e32-780c6d9888ed&u=https%3A%2F%2Fgithub.com%2Flake-wg%2Fedhoc%2Ftree%2Fmaster%2Ftest-vectors-10>

The new test vectors also include message_4, as well as examples of uccs, ead, and messages. The new test vectors will
be used to create something like the test vector appendix in -08 (either as an appendix or a separate draft).

Cheers,
John

From: Lake <lake-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Saturday, 4 September 2021 at 18:57
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: lake@ietf.org <lake@ietf.org>
Subject: [Lake] I-D Action: draft-ietf-lake-edhoc-10.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Lightweight Authenticated Key Exchange WG of the IETF.

        Title           : Ephemeral Diffie-Hellman Over COSE (EDHOC)
        Authors         : Göran Selander
                          John Preuß Mattsson
                          Francesca Palombini
        Filename        : draft-ietf-lake-edhoc-10.txt
        Pages           : 76
        Date            : 2021-09-04

Abstract:
   This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a
   very compact and lightweight authenticated Diffie-Hellman key
   exchange with ephemeral keys.  EDHOC provides mutual authentication,
   forward secrecy, and identity protection.  EDHOC is intended for
   usage in constrained scenarios and a main use case is to establish an
   OSCORE security context.  By reusing COSE for cryptography, CBOR for
   encoding, and CoAP for transport, the additional code size can be
   kept very low.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lake-edhoc-10


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


--
Lake mailing list
Lake@ietf.org
https://www.ietf.org/mailman/listinfo/lake