[Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-03.txt
GABRIEL LOPEZ MILLAN <gabilm@um.es> Fri, 07 March 2025 15:01 UTC
Return-Path: <gabilm@um.es>
X-Original-To: lake@mail2.ietf.org
Delivered-To: lake@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 67FD48D5BD9 for <lake@mail2.ietf.org>; Fri, 7 Mar 2025 07:01:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=um.es
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6a07up0rJXSU for <lake@mail2.ietf.org>; Fri, 7 Mar 2025 07:01:19 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2108.outbound.protection.outlook.com [40.107.21.108]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 1F40C8D5BCF for <lake@ietf.org>; Fri, 7 Mar 2025 07:01:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SPEaC0c30bKyKcohwh0957OwMuNuIN+poxo3xy5h9/P02+X8+qW2uFQMLgBL9r5GDt+N8xRStXSJKen+XVnYVA1nYmAQVdqdKcS9qNsw+9SDOn1bF0MdnyDn37wG3ZNDuvyO8lO4qqkORQ9hcahgql45ObERjHnn23iOUpHTDFPfCBtq34MWyYWTFSt771wtD7ES9CLP0BLNXpxneokBbh21AgvrnGSL0Nm3f/n217J4zXlEF11sbegluSw/D79irvrGVi0saqjmTZzyvz1L+RPIBwFXXWDRaC1GDxMmDH5EtrX6JdSz0labF0b/8RwYWmwr9X/u7P0zr/+VjDekEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nbC46kq0OmHI/4mvNIigUut1iIz/kp4jM+/IlqiRI7Q=; b=aoIVT01Z4BW0i5j4hdkGqo1pA7fB9hgaVDDd8svY1S5PWU0nb96ewDVMbmaJ859PpJjb0FlqfP4cDfpFcVfF+n5L2XMeXzwxnhMqLeBhQmA2VtyIWq4ItqiQaQWhG8cZJFS/3TXPracV7PugJGyTYJErFb6U1ncTdtN/tJO1hhpFK+SFSfxRPb/8YWJ6BCg41JlgNr4pNOCjzqfx6xqp8OL1yqAMz2vqUoXfhFsYxsJZ5udtGCukA9o2Yoe48S5qwTa8mQ/JAicDyPKGEDZc2tGE2/MP+9Dg0JjhkfV08J9gEvUG+ehQOaRbae7fAfpkJqdFPYOr6nMuYkQMjAWk9w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=um.es; dmarc=pass action=none header.from=um.es; dkim=pass header.d=um.es; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=um.es; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nbC46kq0OmHI/4mvNIigUut1iIz/kp4jM+/IlqiRI7Q=; b=CjsP89H1L1b1sehsDP9m1pJjpY4WWioDT9h43EBmZNMBLnTrsAc6+CSwp9BPwLjmo7tneOL+c0CfJcqPCu4ncNHDjSscVn4o4jsGDOJOr84O3Mr+BiHLFLN3Ur67TjdJc3YB3WelNh16FmopGkL8rRuJKl80GEvmjK4fTScvcoZaZtc54bNzccot5rte8dwFPvQXrduz/ItlgCeNBotmwJ5ale2bc8bBCHBKooeTuuV5kAqrAvVHfN0ZGaM6mWEcSp9Qx5Wp3Xjy9NWHw5wOoGfCQ0icZESrBT8PC9e0+qlJptvOmmQYdWexGCLj3xmNBaYLNqSnQLblhLfPY0aJvg==
Received: from GV1PR08MB9939.eurprd08.prod.outlook.com (2603:10a6:150:89::18) by PA4PR08MB7618.eurprd08.prod.outlook.com (2603:10a6:102:273::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8511.19; Fri, 7 Mar 2025 15:01:15 +0000
Received: from GV1PR08MB9939.eurprd08.prod.outlook.com ([fe80::f58e:f3ee:3e26:9156]) by GV1PR08MB9939.eurprd08.prod.outlook.com ([fe80::f58e:f3ee:3e26:9156%2]) with mapi id 15.20.8511.017; Fri, 7 Mar 2025 15:01:14 +0000
From: GABRIEL LOPEZ MILLAN <gabilm@um.es>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] I-D Action: draft-ietf-lake-edhoc-psk-03.txt
Thread-Index: AQHbirIsHfwcPGENWkOc+HhMDCW1qrNnziSA
Date: Fri, 07 Mar 2025 15:01:14 +0000
Message-ID: <8210AFA4-B4A6-4B67-8F1E-770E6899E72B@um.es>
References: <174083756785.99372.1434952046745592229@dt-datatracker-5dd67b77bb-4k4zh>
In-Reply-To: <174083756785.99372.1434952046745592229@dt-datatracker-5dd67b77bb-4k4zh>
Accept-Language: es-ES, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=um.es;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GV1PR08MB9939:EE_|PA4PR08MB7618:EE_
x-ms-office365-filtering-correlation-id: 7716f796-f619-4c07-9c76-08dd5d88e820
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|4022899009|8096899003|13003099007|38070700018;
x-microsoft-antispam-message-info: 0uv45q6H8AMtEljXnfUhUTX6+1lbBjP6BnK22zCrrkBMaECecrJU68IbhY+h5MP1qLzDdcQ4uZpBdO5N9FbXtjhru7lVP+5IMj2L+j6X/+HWgT+FD5+STTeMqDEWRaVo0pdWif+H7woIr1/r/T1G8DkyZ46oxix1E9Io2Nzpa7Yg3KWUW78yrwWuGW1VqazUIARI9aGgYuwN/ybOv2WEK5I6QTfF1Z3GhNWKRNmJdkzivnbdMpDpcTbunH4p06aCv+zSiFIBpvo/H0qQHKGU+TPz6k9mqU8oSbgCKL24JukAhvcz+ngCKkYHncP23kFcEHXS44ejEDi6A9HB/Ri7wwUzPfW+RyE1RtpjuuMTV1D4hdE+JE0ASFMup1Rw/IrclvjD4SRtJZrOU43mbcI2fGWOjeKlsw7Rqh8viBhiBigvj7sRse7eYexGD8I8qzJCZ8PHQ0EfOPaDX8gv7fDLmB/WoDFzg/I9jUTE9mafkQtCnOuELHb1NlhX8A4AAeNlqzaHOQVbeMSLYIjZ6g1KGH6DzClMPEAyQZfAzjuFiYFGtsKIKdB0E2zJzjJZcMVWT59J8zZRYKpICQsRRMDvyJDr9qVNBKEUGFLh4OzfCTHxQz0rtfvtgiB/4UDvpmYZhkOEzhQs5w/CcDmir97fXDVqtpykL8Q7m+62m9IWIe6lCLVp+icDqqsFsUg7CbdsQcGGXRqzbAFiu1v1qP/nnE7oCFWJ4lopkzdU6QEpvCEAN7h/Hxi2mZYU7di7+hrnXbWyUUmZkBvdqhIx7ln3pnYC0h4dh/viG3HLHO7cORo0RGtEFOXt8wNEGiObQ4Y9gcVnqFsfLa743A3i4TzaKGYCpfHcI1XKGJTPBiP8d1ToD8kiDj7RiMYLF+iLPx8WARomniVgSxRvGmlv1SOPx7j/YMMpsi3D0SbDPCvK4wtqKCDF8ui+PR07F3d2Ki7aP1nzWX6l2G3ATj4AJwkl48eeTyPFo7eSUfCPcDDrKQmuVYBUfgYkY7i7pRZimbW4PoYQZ7LNwweWmU/Ze5SzUnrwLPJ5Gl9Ya8iyM9ELyZr3ov81P2KrIfbOeCWAF0sgiDGGSDy4NR3kGaQOLR9yGWTor2Bei/xFYj12UmMsqx0WJgIlO3ugCi8kSYVZxDwwpEyKdQ43jaAHMeIe5mIKvAlkAPpl9Xprf7XJ/OZYWLyBDIaj6w4yzpHbFINpro28kYTMm2cbDMXeePX3pzXTkRWjiL0HCvl0o9SIEy6UM1GURLKYyo0m6m/o6d92cYyE8vBpV2gwuwED4LWyTD56qH3n/wRmx24bMx07Xe6k8xQRhd5wja2ccKsBUTpgs92VPscu5VYeVV0CNluq0o0RBZV7GwHIl0oOsddJWrdrEmHo4/OGAUSQD+PLlHqSjZdY
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR08MB9939.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(4022899009)(8096899003)(13003099007)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: m/ytOeXvZ6D75OATJk89r07/pHHny4/JEakwi+49xh8gd5g5OK6zaNUGLMEVdnP23Hg2QBbt1WlSnnYDPl7OX8RnzQP7Boxi/Xs06/Khp1VTvcFua51xvK01z++RN5iJJjrbKW06ZdH7Kls0E/BJn89Oq8hkG9p8k8zEih8AgK0j1IqQo3AAU3K2r0JFPs6LEObogiNAJsWW7h13yR0diJuUQrysdvmmtQn+QnUChXNXSXtWcpxIscomx0r+KiqYHijVamIa4IxJsHB/fkPRIgtHxph41lS3ack+gOFeU1pQQKrPd178yIkXLDlGaug5BJzZAxla9iwZxMJ9s4/9A0zcHjzGGzq/GbV5Ren9Sq3CzA9H7XSyjkHy2ezcSZSk0aFy+EkYQt8umftPw8yAfnhBfVcPWRH9ofQkhyTQYIUjYG6EQjp8kepfnB+3COMfpF3CZsh6oToQHvnWRGRlE0lxZZvwVDGoanh2DGLpZHJpOz5/qXxWRjB4CUbtcWwX5OLomaCo7Mfofdn1qcRC/fNcg7x5FTJLwrAHs46bUxsx7ZS39CzjIBQeQJ1j7ARYY+fhMWDa7NKkP6+X7+bul3pd3WC5EQkW0rB2jlY2Npill62qLO9CM6EE+6YaHlsM1gIqKjpS9AMdM8ZrbGBtzLdQKXairyOsXcGmBYno20xcqQ1GbIyD5E5LSUzMullMPl39U2jlr2sNdKNjRj3UUhAsnFHZaB4PyyF5TMQ21GuXxoncQUOeVKSa0BN73Vu7ZLJ58NspnGf6a0lwBEJpA7XlOWh3j47IPgrG79ihhSwRxEU3mf9PK0tEAdEWD9/yH5/MqK3S6z54gH/drh+XjpS9L0xHE9E5mLT84q8H04gZ+J/62n4ZyzkmOtH94NWfn2pGqJxYdrzgzssbTZOIGDDZEF5uWVI4c/focv9tqVpu1vinlFxPnV15tiKST4l51Ti9vlDAhzwQPxgD7cXi8yITGvgo6XOgcQq5g/hed2AcC7Nj35Lt8awqadH03GC9PUP4q/GIwAQLBtvZkykxtdeD/LtR97tz/Q5HEmlSUKd9AEZQ15Jah05KvbApWpe30AOO+BvJBgdEsTB44kp9L73A6osWP1dZi+Ka9nDwIGNxkbgMj3oaXCnW7we7XtgnG/owiIMgagUUX7+bAfIrD9zcjUI+o9Xwj1sDCjzYp6OBXXywqbP6wDWvU4Z69udw3A7ZcRDkD4Q9he+aCcCpnPnSNmK+av4REk+g4aRLKjB4OehODjnlgNRh1vvzkGi/eTyAcP6nIZj/XBpaVVM2uUrXoITNfSuyZmzhWUzLCSk6i0TtQHmsQRU/vSoVGsGh5pUEf1GaUMA1QpctgB1oRnstVVjS2MkcE8DiyEMMjY6/XwAQb4IdHWo6bp1nq5fKIictCmCKuZFlGwv8zLy4pEsx12ZSct4js4+n7zqZM5xUHutUgmR2VouUd23WrR4KdDHiVfdYTcB6qrp+4EVkZ8fDJ623RGLNIIOp+Iwe316xBr1G7C3f/YR8YbdGn+Xr0LVVcu3hmKdc8tkyvD4I0UfdeMjtjkj5Bf9HVtZoVfbXnogKOgaAg+oGR8V8ym/a
Content-Type: multipart/alternative; boundary="_000_8210AFA4B4A64B678F1E770E6899E72Bumes_"
MIME-Version: 1.0
X-OriginatorOrg: um.es
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GV1PR08MB9939.eurprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7716f796-f619-4c07-9c76-08dd5d88e820
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Mar 2025 15:01:14.7798 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0aba6521-ce52-44d7-b06c-c6016ff2c30b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: aXnYEGY9RoAQY+256qM5O7dObcWou1O1ACwVzHRQeUCNa+83nc1ABdh2e6yPEMOc
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR08MB7618
Message-ID-Hash: JRBGKGVLDKJYQKFEGO4GPHDRMBKQFBCC
X-Message-ID-Hash: JRBGKGVLDKJYQKFEGO4GPHDRMBKQFBCC
X-MailFrom: gabilm@um.es
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: GABRIEL LOPEZ MILLAN <gabilm@um.es>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-03.txt
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/tkvWlCT0GcwqgljLHQxxc-oiGiw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>
Hi.
Just a few comments about the edhoc-psk-03 drafts ….
1. Introduction
s/nodes nodes/nodes
"EDHOC with PSK authentication benefits systems where .." --> Does suit the term "systems" in this senteces? Shouldn't be better to talk about uses cases? In fact, the next paragraph begins with "Another key use case...".
"In this case, the PSK is provisioned after the establishment of a previous EDHOC session by using EDHOC_Exporter (resumption PSK)." --> What is the meaning of "(resumption PSK)" here, Does it means that this paragraph describes the concept of resumption? or just points out that this PSK is the resumption PSK"? in this case I suggest: "In this case, the PSK (resumption PSK) is provisioned after the establishment of a previous EDHOC session by using EDHOC_Exporter.
3. Protocol
s/a COSE_Key compatible authentication credential that contains the PSK/a COSE_Key compatible authentication credential that contains the external or resumption PSK
4. Key Derivation
Shouldn't the names of the PRK_* be updated to the PSK workflow?
I mean PRK_3e2m should be renamed as PRK_3e, and PRK_4e3m should be renamed as PRK4e
Probably the whole key derivation process description should be included here.
6.2
s/foruth/fourth
6.5
s/that that/that
s/The EDHOC protocol complies with this NIST requirement/The EDHOC-PSK protocol complies with this NIST requirement.
7
The resumption process implies a new EDHOC-(resumption)PSK exchange. Although obvious, It should be mentioned in the text.
where do the “resumption_psk_length” and “id_cred_psk_length” values from come from? from the “external” PSK?
7.1
s/Implmentations/Implementations
Have a nice weekend.
Best regards, Gabi.
El 1 mar 2025, a las 14:59, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> escribió:
Internet-Draft draft-ietf-lake-edhoc-psk-03.txt is now available. It is a work
item of the Lightweight Authenticated Key Exchange (LAKE) WG of the IETF.
Title: EDHOC Authenticated with Pre-Shred Keys (PSK)
Authors: Elsa Lopez-Perez
Göran Selander
John Preuß Mattsson
Rafael Marin-Lopez
Name: draft-ietf-lake-edhoc-psk-03.txt
Pages: 17
Dates: 2025-03-01
Abstract:
This document specifies a Pre-Shared Key (PSK) authentication method
for the Ephemeral Diffie-Hellman Over COSE (EDHOC) key exchange
protocol. The PSK method enhances computational efficiency while
providing mutual authentication, ephemeral key exchange, identity
protection, and quantum resistance. It is particularly suited for
systems where nodes share a PSK provided out-of-band (external PSK)
and enables efficient session resumption with less computational
overhead when the PSK is provided from a previous EDHOC session
(resumption PSK). This document details the PSK method flow, key
derivation changes, message formatting, processing, and security
considerations.
The IETF datatracker status page for this Internet-Draft is:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc-psk/__;!!D9dNQwwGXtA!SyHYdZ-gkvWueYwUCUZ6VuzjV4QIf6wL2_w5nKKNgfnxujt9lR2pZh87KMm35PpRZZ7XCt7DSmpjQvJ1S6L9uQ$
There is also an HTML version available at:
https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-lake-edhoc-psk-03.html__;!!D9dNQwwGXtA!SyHYdZ-gkvWueYwUCUZ6VuzjV4QIf6wL2_w5nKKNgfnxujt9lR2pZh87KMm35PpRZZ7XCt7DSmpjQvKZ1D4BgQ$
A diff from the previous version is available at:
https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-lake-edhoc-psk-03__;!!D9dNQwwGXtA!SyHYdZ-gkvWueYwUCUZ6VuzjV4QIf6wL2_w5nKKNgfnxujt9lR2pZh87KMm35PpRZZ7XCt7DSmpjQvIW-Mvjfg$
Internet-Drafts are also available by rsync at:
rsync.ietf.org<http://rsync.ietf.org>::internet-drafts
--
Lake mailing list -- lake@ietf.org<mailto:lake@ietf.org>
To unsubscribe send an email to lake-leave@ietf.org<mailto:lake-leave@ietf.org>
-----------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: gabilm@um.es<mailto:gabilm@um.es>
- [Lake] I-D Action: draft-ietf-lake-edhoc-psk-03.t… internet-drafts
- [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-… GABRIEL LOPEZ MILLAN
- [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-… elsa.lopez-perez@inria.fr