IETF Logo Mail Archive

Re: [Lake] WGLC for draft-ietf-lake-reqs-01

Göran Selander <goran.selander@ericsson.com> Tue, 24 March 2020 16:37 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DE393A0991 for <lake@ietfa.amsl.com>; Tue, 24 Mar 2020 09:37:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X6Fmj1sw61QY for <lake@ietfa.amsl.com>; Tue, 24 Mar 2020 09:37:08 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02on0602.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe07::602]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 763443A098D for <lake@ietf.org>; Tue, 24 Mar 2020 09:37:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fBaEaQws1oNEYSRRxRLgN3/j1QI2weacyo6UG7JpZzQL3tYIbVtrH+L4S0ZRGgcW3Fj+Psh5ZqT/5gFShGQubA9iX14jFwxqPrO5qhLf1uELr3xCvdylaaiRIauHwKJw7X7fO9xC5DJeRVT6TZqzaSqKSmIAL+P8SDQ+SZRnli0w2Xo2NLT50HCzc+pWXFOqDSKTcLvE7d3C48JqvPcof4XdS8Itrf+oPDjHGm6Y1xBwzlGFfrkmxnyz5Uzs9AqTaAdceH5h1l/q8mqOTqBZuQetG0g+wlmuklB/Xx/hSMEDwQKPkcjXROq/ahOGhKsQOz/q1VxNWSWWuLiLQGmx/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9m74gMJw0lAK/ZEz2scYFxpMLQManG9Ns1eUCPbDhrU=; b=mdpsUbt/hyinKHeup+PQz62qkddnn8Nhbpzi+33Op0V2udLAdmkOmZ7CGdSIFYVmtzxuHZkqnEFFseOIYGla6I6V+qWDnL64wuKJyLVnIpjUoadoGUf4YMrghsYOxn2eGVp/wnD1sNigXEdpfCjGa+P1Kc4w5L7t1DcDhDDDnnJDrEWQOCmkC6H9usfXn/w4KlNcICVn8rBZRCpvzubNpvKwVjKP+q8X4bfB3wGJz95Clg1nK3j31yPi1UPXiC6lcP6kZZfHUXDRVLjlfP/S5wf37ypWK1aBvLUPiEZMdAFeVBoh4gSBe1P7Kv/vyIVfk6fUKYgicSK/qcn4CLOaNA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9m74gMJw0lAK/ZEz2scYFxpMLQManG9Ns1eUCPbDhrU=; b=GmH4+RqN+CYzAx0aAJQ81FBks1DT+2ABB/SuN4IzKmKq26i9JnaAEUWudGjuim70fh7RxxAVfm9oE+z3AbQAnEEmPnaNhMY223sgMlmqj3R5bBiJzVlr0n7lo6zUKlNbprcLL8atwOIoCGrpgULForoy5yh6QohEc0UQcTi/XG0=
Received: from HE1PR0701MB2217.eurprd07.prod.outlook.com (10.168.35.12) by HE1PR0701MB2153.eurprd07.prod.outlook.com (10.168.36.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.17; Tue, 24 Mar 2020 16:37:04 +0000
Received: from HE1PR0701MB2217.eurprd07.prod.outlook.com ([fe80::c086:6c8b:520f:6de6]) by HE1PR0701MB2217.eurprd07.prod.outlook.com ([fe80::c086:6c8b:520f:6de6%11]) with mapi id 15.20.2856.012; Tue, 24 Mar 2020 16:37:04 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Christopher Wood <caw@heapingbits.net>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] WGLC for draft-ietf-lake-reqs-01
Thread-Index: AQHV6MwfpoQpCxgEvkuW+iJEnj1xX6hQPu4AgAALcYCAA3UEgA==
Date: Tue, 24 Mar 2020 16:37:04 +0000
Message-ID: <B4637FBD-F6A9-4374-B885-4CD0C9121767@ericsson.com>
References: <b7c084b0-8489-5c05-046d-33aa70c85b94@cs.tcd.ie> <191b7e3c-4453-a60c-7d5d-07a051e8b85e@cs.tcd.ie> <c00cfe1a-db73-4d09-b03e-d9e290c05642@www.fastmail.com>
In-Reply-To: <c00cfe1a-db73-4d09-b03e-d9e290c05642@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.35.20030802
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [213.89.246.8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 836370f7-1626-4668-1281-08d7d0119626
x-ms-traffictypediagnostic: HE1PR0701MB2153:
x-microsoft-antispam-prvs: <HE1PR0701MB215368B786F95BD007FAE542F4F10@HE1PR0701MB2153.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03524FBD26
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(346002)(366004)(39860400002)(396003)(376002)(81166006)(8936002)(81156014)(478600001)(26005)(8676002)(2906002)(186003)(86362001)(66556008)(5660300002)(33656002)(85182001)(76116006)(66946007)(66446008)(64756008)(66476007)(36756003)(66574012)(110136005)(6486002)(85202003)(2616005)(71200400001)(6512007)(6506007)(316002)(53546011)(966005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2153; H:HE1PR0701MB2217.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mCGdC8PhagMHH05jG4nX5ORHkcYOzzeC58T0YPHRuYegBlBrN2xMw1vP6x1Q6U2n1uPnIgpj8ESZbCEBIFM6zytt84/XESvE9qUGFUadFUB/9ul8mnfJDNvZmTwYSZs1MbyE6KOd5RJAC4MsEGQXoKUIm5zAeHOHwWV9yulgGxePs0a97sowh8X06AKNockbTIBpz9+D30csdwhw8qJ/+JyAikNYUeB6ENWXFA9ZZh33UesRazxkXMzXsgT1RHorULDslpTEHrwN8XgQMa/M9ZzeR2k4+qIf2curOIecFudBi+Pu5h82zx98ZKnbMIGbQsgGaIcROOoq10MU7REhxWKlHPsem2bwgFZMiTIazUgcPFhSCBq6MBqJjmmEk+DQPBOBxfrcBrIz+K5ciovlftN7RGS+rqH8BegqN5kRSK+mdlrlBKGGemaEXiDjJ7QjbwYAh8L7FsBaSRF4Yid7SALbgcPE78ZiyOs3IH6qMzaSoRwm6Dg0AJybgjnAIvP5Iw1W/ojxgoI9sEy3M+RH1A==
x-ms-exchange-antispam-messagedata: rau6BWCDvaWrVsDwNuQvdixEBA6+oOBwcbxuPqZlw6d8cWjheJZ2nzVVKQkwMVYbEUAWSAXnvefZZEL3fhrrUsBRUXhJjSTLr4U1RW7C4CE9kw1qp2V9D7s5KrI+VQlYzk6Z9sJ0DwT/GIcO1LW5ew==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <BDAB0EC62494F4429EF79EB7BC767324@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 836370f7-1626-4668-1281-08d7d0119626
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Mar 2020 16:37:04.6964 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Sueh3B3YItN+Iorq1vXvFqlDbnFDx3uvumSqwnsUdVzZnTXmz0a4TOtk9jyaSjzFvCDMpl9Je1YL37kAn3wupewGk3oBb1JjVycOfhFHIyg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2153
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/scnLJmaaEaeL8j9lfwAoAZFE3kU>
Subject: Re: [Lake] WGLC for draft-ietf-lake-reqs-01
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 16:37:13 -0000

Hi Chris

On 2020-03-19, 17:47, "Lake on behalf of Christopher Wood" <lake-bounces@ietf.org on behalf of caw@heapingbits.net> wrote:

    Thanks to the authors for compiling this list of requirements. I think the
    document is in good enough shape to move forward in LAKE. I have some clarifying
    questions and comments, which I list below. I hope they're helpful.
    
    Best,
    Chris
    
    ~~~
    
    Section 2.1:
    
       Furthermore, there is no assumption of
       dependence between CoAP client/server and AKE initiator/responder
       roles, and an OSCORE context may be used with CoAP client and server
       roles interchanged as is done, for example, in [LwM2M].
    
    Does this imply that a single OSCORE context, which I assume (maybe incorrectly)
    has credentials configured, may be used in both initiator and responder roles?
    If so, should we be mindful of Selfie-style issues? (It's referenced later, so 
    perhaps not.)

GS: The result of the AKE is a single OSCORE context that can be used by both CoAP and client server roles. The client and server has unique identities to protect against reflection attacks etc.  The case with more than two parties legitimately sharing keys has been considered out of scope for the AKE, as is noted in Section 2.3. Is there something else missing?

    
    Section 2.2:
    
       The security of these
       systems can be improved by adding PFS through an AKE authenticated by
       the provisioned PSK.
    
    Is it worth mentioning the hash-based ratchet technique for improving forward 
    secrecy as an alternate?

GS: Included in Section 2.3 (Confidentiality).
    
       In order to allow for these different schemes, the AKE must support
       PSK- (shared between two nodes), RPK- and certificate-based
       authentication.
    
    2.3: 
    
       Moreover, it shall be possible for the receiving endpoint to detect a
       replayed AKE message.
    
    Why is this in the mutual authentication requirements section, and why does it
    need to be a requirement on the AKE? Would it be better to require that replays
    do no affect the security of other AKE sessions?


GS: Rephrased accordingly.
    
    2.4: 
    
       The AKE shall provide a mechanism to use the output of one handshake
       to optimize future handshakes, e.g., by generating keying material
       which can be used to authenticate a future handshake, thus avoiding
       the need for public key authentication in that handshake.
    
    Do we need to constrain how (often) endpoints use this state for future 
    connections?

GS: This is a relevant point for the solution, but I'm not sure the details needs to be specified in the requirements document? The updated text has this added sentence: "The AKE should give recommendations for frequency of re-keying, potentially dependent on the amount of data." 

  
    2.5: 
    
       PAKE and post-quantum key exchange is out of
       scope, but may be supported in a later version.
    
    Hybrid variants likely don't make sense for LAKE deployment scenarios. However, 
    it's unclear if the AKE shall allow hybrid KEX algorithms. (Perhaps this might 
    be mentioned in Section 2.8 instead?)

GS: We assumed hybrid key exchange is out scope for now for the same reason. Noted in this section.
    
    2.6: 
    
       In the case of public key identities, the AKE is required to protect
       the identity of one of the peers against active attackers and the
       identity of the other peer against passive attackers.
    
    Should we be more precise with respect to which role (initiator or responder)
    has passive or active protection? SIGMA-I and SIGMA-R differ in this respect,
    at the cost of an additional flight, so it's probably worth clarifying.

GS: This clarification was added.

    
    On Thu, Mar 19, 2020, at 9:05 AM, Stephen Farrell wrote:
    > 
    > Ping! Today's the deadline day for this. Please do try
    > get your comments in on time.
    > 
    > While this hasn't been controversial in the WG, I would
    > like to see more comment as there hasn't been enough to
    > determine if we have consensus to proceed. So some more
    > mails saying you've read this version and are ok with it
    > would be good if that's the case. Or if not, why not.
    > 
    > Thanks,
    > S.
    > 
    > On 21/02/2020 15:32, Stephen Farrell wrote:
    > > 
    > > Hi all,
    > > 
    > > The authors have asked to start a WGLC for the requirements
    > > document. [1] This mail is to start that. The deadline for
    > > comments is March 19th in order to give the authors time to
    > > prepare for discussion at the upcoming IETF meeting. Since
    > > my co-chair Mališa is a co-author of this draft, I'll be
    > > the one calling consensus on the WGLC. (If that gets tricky,
    > > I'll likely ask for help from our AD.)
    > > 
    > > If you can, it'd be great to get comments in the next week,
    > > to give the authors a chance to publish an update before
    > > the March 9th I-D cutoff, should they think that'll help
    > > us get done.
    > > 
    > > If you think this is ready, sending a comment to that
    > > effect is fine. If you think it's not ready, you do need
    > > to say why and ideally suggest changes that'd, in your
    > > opinion, make it ready.
    > > 
    > > As a reminder - our charter calls for us to park this draft
    > > after WGLC has successfully completed, and we'll not be
    > > sending this on for publication as an RFC at this time. So
    > > please try keep the focus of your comments on the meat of
    > > the content rather than on crossing all the i's and dotting
    > > all the t's:-)
    > > 
    > > Thanks,
    > > Stephen.
    > > 
    > > PS: I'll send my own comments (with no hats) in a separate
    > > mail shortly.
    > > 
    > > [1] https://tools.ietf.org/html/draft-ietf-lake-reqs-01
    > > 
    > > 
    > 
    > -- 
    > Lake mailing list
    > Lake@ietf.org
    > https://www.ietf.org/mailman/listinfo/lake
    > 
    > Attachments:
    > * 0x5AB2FAF17B172BEA.asc
    > * signature.asc
    
    -- 
    Lake mailing list
    Lake@ietf.org
    https://www.ietf.org/mailman/listinfo/lake

v2.23.0 | Report a Bug | By Email