Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22

Robert Cragie <Robert.Cragie@arm.com> Tue, 23 June 2020 10:41 UTC

From: Robert Cragie <Robert.Cragie@arm.com>
To: "lake@ietf.org" <lake@ietf.org>
Date: Tue, 23 Jun 2020 10:40:53 +0000
Message-ID: <DB7PR08MB3482E55ADA1F12993D7535C4E2940@DB7PR08MB3482.eurprd08.prod.outlook.com>
References: <DB7PR08MB3482851CE0E241F9493F9B17E2970@DB7PR08MB3482.eurprd08.prod.outlook.com>
In-Reply-To: <DB7PR08MB3482851CE0E241F9493F9B17E2970@DB7PR08MB3482.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/VwCsyN_-rA47uuY18MRykIw4wnI>
Subject: Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>

Prompted by some of the recent e-mails, I should also add that another primary reason for choosing TLS as the basis for network admission was reuse, i.e. a single TLS code base could be used for both network admission and application layer security. In addition to being more efficient, this will likely become more important with the advent of trusted environments (e.g. Arm TrustZone-M [1]), where the less code that has to reside in the TEE, the better.

Robert

[1] https://www.arm.com/why-arm/technologies/trustzone-for-cortex-m


From: Lake <lake-bounces@ietf.org> On Behalf Of Robert Cragie
Sent: 22 June 2020 14:59
To: lake@ietf.org
Subject: Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22

I oppose the adoption of EDHOC as I believe EDHOC and OSCORE are reinventing the wheel.

There seems to be this view that TLS and DTLS are unsuitable for IoT and technologies such as LPWAN and low power wireless PANs (e.g. 802.15.4). However, I would like to point out that we were successfully deploying:

1. Network admission using PANA, EAP and EC certificate-based TLS with Zigbee IP [1]
2. Application layer security using EC certificate-based TLS with SEP 2.0 [2]

This was ten years ago on microcontrollers with considerably less capability than those available now. Zigbee IP never gained much traction; however, the successor to Zigbee IP, Thread, also deploys:

1. Network admission using EC-JPAKE and EC certificate-based DTLS and a CoAP-based relay mechanism [3]

The reason for using TLS in both cases as a basis was entirely due to not wanting to reinvent the wheel and come up with a new approach, as we acknowledged the hard work and effort put in by the TLS working group in not only coming up with the protocols and ciphersuites but also the significant amount of scrutiny and testing that implementations had gone through, hardening both the implementations and the standards themselves.

There is no doubt that the key exchange transactions we used could be made more efficient but, in my view, the correct approach is to build upon the solid foundation of TLS through efforts such as cTLS and not to try and start again.

Robert

[1] https://datatracker.ietf.org/meeting/83/materials/slides-83-lwig-5
[2] https://www.ei.se/Documents/Projekt/Funktionskrav%20elm%C3%A4tare/2017/SEP%202pkt0.pdf
[3] https://www.threadgroup.org/Portals/0/documents/support/CommissioningWhitePaper_658_2.pdf

From: Lake <lake-bounces@ietf.org> On Behalf Of Mališa Vucinic
Sent: Monday, June 8, 2020 3:55 PM
To: lake@ietf.org
Subject: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22

Hi all,

Since we now have a rough consensus on the requirements document, we are proceeding with the selection of the LAKE for OSCORE our working group is chartered to work on. Given:

- the LAKE working group charter,
- a wide community support over an extensive period of time for draft-selander-lake-edhoc,
- adoption of the cTLS draft by the TLS working group where it will be further developed,
- that no other drafts have been submitted for consideration of the LAKE working group,

we are now launching a call for adoption for https://tools.ietf.org/html/draft-selander-lake-edhoc-01.

Please reply to this thread whether you support the adoption, and indicate if you are ready to review if this draft becomes a working group document.

The call for adoption ends on June 22nd, 2020.

Your LAKE chairs.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.