IETF Logo Mail Archive

Re: [Lake] [Secdispatch] LAKE next steps

Göran Selander <goran.selander@ericsson.com> Tue, 27 August 2019 13:46 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD48D120047 for <lake@ietfa.amsl.com>; Tue, 27 Aug 2019 06:46:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77iNgWgTsjJv for <lake@ietfa.amsl.com>; Tue, 27 Aug 2019 06:46:30 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50064.outbound.protection.outlook.com [40.107.5.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11B3912003F for <lake@ietf.org>; Tue, 27 Aug 2019 06:46:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M3mMCWFaFFlA6pjEP/iCJhkyHbJQ/RcJm69iaCRJcbFuapQdRQzlnOScUZstcbqTOaBMaD+04OP3AukY0FqfNIvISfpZ+ILd/uA8Kbv+BatoWSUj40YLGzepfNGEKkUX5scgzTs1pDgVNuNT58xVRm8fa8zC9WuYC4R2fDJOvcULoRbjSE1PEsl9KjaDnBXEYG7ZklDotob86uIYzarg+/P3YEuIivTWN2XQtpVCAY70K7lqMBHbBFLUQVKcbnxaV41321OEZCNJDJxqkfNoprt2SUFPaDXd8Isgvl+iQKawJZMWuWgRiyJzT+xqmoxDewu8DXFrcq68ClAu/2V4pA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3+FgK/XR4PBSkyv8fDH7NKpxW2nPFcoqAnsGMHLbK7Q=; b=cNN/vaaiOvL8ozUCxRIbslO7sLXTCKvNern5PbN3WkQTXCz59k3y587fcueDiU/HOpy0loIbq4TbdVHW3/kevgx5ZROu3qJpZcgZ7MJH2p2zSNUFcH2500r/ZS3SJY0L8JxUqSJ1zNSNxozaFMpPHPOGIQ0eVCxAoe1M12bWKMPeTibMsqH6wfbaacLTEBmBo0wbBavr2HBk/Lshkb9mmmCJGXbdL0C+1yj216UbIUY480/ynl/ekirrfq+N9W0eoEgjD7HmA8NcvejfJxiHfisg00S+kQytf64Sff+/76hL7Ze9YUT5LYs3q9KzwlXKocBBLwHnJr3XxDgTokR3Ig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3+FgK/XR4PBSkyv8fDH7NKpxW2nPFcoqAnsGMHLbK7Q=; b=UEbZgCt7pJDZz4W3D6zKy3BWKnJvLtvKLvQD6j4LG2CI0rAOmeRzZghVxa/eXaSkGl+GXeeSs1CdO4SU4sDGlIrh1jzqhwdE4tfNXUJO2LTHqS+6fe979EmmEyGFT75g7iDTjh8l2ofCVdNiKpOT6+6WivDOP67zzYiTBONqLCU=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.166.25) by HE1PR07MB3514.eurprd07.prod.outlook.com (10.170.247.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2220.14; Tue, 27 Aug 2019 13:46:25 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::f805:dba5:af8c:1576]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::f805:dba5:af8c:1576%6]) with mapi id 15.20.2220.013; Tue, 27 Aug 2019 13:46:25 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Secdispatch] [Lake] LAKE next steps
Thread-Index: AQHVV27+G+o9nwDa0kKha2dOdkjTaKcHTXAAgAaibQCAAT5tAA==
Date: Tue, 27 Aug 2019 13:46:24 +0000
Message-ID: <9E33B44F-1364-40F0-AD8C-259108C4D2B9@ericsson.com>
References: <20190820155006.GE60855@kduck.mit.edu> <DED9B6C1-2E61-4C20-822D-4F22C848EC1E@ericsson.com> <20190826204642.GM84368@kduck.mit.edu>
In-Reply-To: <20190826204642.GM84368@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1c.0.190812
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [192.176.1.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 909b7526-c25c-4b25-4701-08d72af4f402
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR07MB3514;
x-ms-traffictypediagnostic: HE1PR07MB3514:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <HE1PR07MB351487342A57699B2BE43149F4A00@HE1PR07MB3514.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0142F22657
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(376002)(366004)(136003)(396003)(51444003)(189003)(199004)(7736002)(36756003)(5660300002)(76176011)(6116002)(26005)(102836004)(85202003)(186003)(6246003)(53936002)(3846002)(6512007)(6306002)(6486002)(2171002)(85182001)(6436002)(256004)(2616005)(446003)(11346002)(305945005)(486006)(14444005)(53546011)(6506007)(8676002)(8936002)(99286004)(81156014)(81166006)(71190400001)(71200400001)(316002)(4326008)(14454004)(66476007)(64756008)(66446008)(66556008)(476003)(478600001)(6916009)(66574012)(25786009)(2906002)(966005)(229853002)(86362001)(33656002)(66946007)(76116006)(66066001)(58126008); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3514; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: D7Gmgn5nLQ8/XC2iizJWDxyoBgE8Y+kZOGvDFK7t5iAbqEPo5E8z3uCT6H6gVCL5Vmw4yRDrfw/++hTGyZW82MMInD8Ubnc0dM26wD5i6AGaQjoJK0xk+xGU9k673zyzKOgkGgsvWYAcL5wPSp1ow6AHoCPlMztkI2Vb2vJn1u6mrkxhMF3YAkd+f8xOvG6ggVvXCP5ibsOvZyUXvVKpo4HWbmHIa94XEHdNFY6m/WkQCbxEEbiscocjMDobw+qfuyPoTDNj8NvncmZjtfvyl3MVr1fNsJO0nYajsvAA0yTw8qIMjbzVjDXf/pk1UZJ19D2xPIa+We2fGiHvNoSIkksVXnZjDyYx3qQP9w7WRwjhkwj1WMR9YOzRdgVeOUEoKaynU3isBNcnfZ9/21omawvLQlCM02PN3bd3m2Mqybs=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <A2FC78E9821CC54A995F935F3515BD96@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 909b7526-c25c-4b25-4701-08d72af4f402
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Aug 2019 13:46:24.9221 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eqmNjthfK7lUfyK2dwMmHAdUbdQkbadAKg1Vqen5JW262IJwjK3IWjfSAWBanpWxiyrHBfHpj41fAwjsuXbQk4LHeuRyDlmr+vq9cj8U5nY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3514
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/wzQNURB4gPOoBm4Mv5uhqOVIzRs>
Subject: Re: [Lake] [Secdispatch] LAKE next steps
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Aug 2019 13:46:34 -0000

Hi Ben,

On 2019-08-26, 22:46, "Benjamin Kaduk" <kaduk@mit.edu> wrote:

    > The proposed charter looks fine, I only have one comment on the text, see below. In particular I don't think there is any need to further detail requirements in the charter since those can be agreed with the listed stakeholders as part of the work.
    > 
    > Excerpt from proposed charter:
    > 
    > 'The working group will collaborate and coordinate with other IETF WGs
    > such as ACE, CORE, 6TISCH, and LPWAN to understand and validate the
    > requirements and solution.  The WG will also evaluate work from
    > the TLS WG and derivatives thereof, and draft-selander-ace-cose-ecdhe.'
    > 
    > My comment is on the last sentence above. I already commented on this sentence in a previous draft of the charter:
    > https://mailarchive.ietf.org/arch/msg/secdispatch/xJTkOA6zfU0TcQPMYevg8IBUSVk
    
    Oops, I'm sorry I didn't notice the comment from the previous round, when
    preparing this draft text.  Are you proposing to just drop the "and
    derivatives thereof"?  I believe that the intent last time around was to
    include what became cTLS, though at that time it was unclear what home
    could be found for it.  At this point it looks more likely like the TLS WG
    could do it, though it's not decided for sure, so the cross-WG dependencies
    remain a little annoying.  That said, I think that the proposed LAKE
    charter should only consider output from the TLS WG, not
    work-still-in-progress at the point when a decision is to be made.

[GS] Let me try to be more clear. I would like to make sure that LAKE is only tasked with evaluating candidates from the TLS WG that comply with the requirements at the time when the evaluation is done in the LAKE. If a protocol does not comply with all requirements it doesn't make sense to compare e.g. message sizes, since that is a function of the supported functionality. In other words, the LAKE WG should not be dependent on progress of drafts in the TLS WG, but only need to consider what is available at the time when the LAKE WG needs to make its choice. 


    > Additionally, I don't think this sentence well reflects the text in your mail:
    > 
    > 'From we’ve seen so far, EDHOC seems like the leading contender, especially with respect to the “reuse of COSE algorithms” proposed requirement, but we of course welcome further data (such as on the relative code footprint of core cryptographic primitives vs. protocol integration for COSE/cTLS/etc.).'
    
    That was intended to be my personal take, not an attempt to judge community
    consensus.  (Well, Roman seems to have signed off on it, too, but the two
    of us do not a community make.)  So the draft charter text was
    intentionally more open.
    
    > Detailed comments:
    > 1. It is fine that the WG also evaluates work from the TLS WG, with the obvious restriction that only solutions that are ready and complies with the requirements need to be evaluated. As long as we agree on that, there is no need to change the charter on this point. 
    
    Right.  "Passed WGLC" is probably a usable threshold.

[GS] Sorry, this was not the threshold I had in mind, the word "ready" may have been misleading. I meant ready for evaluation in the sense that requirements are fulfilled and benchmarks can be compared, e.g. that message sizes have been calculated under uniform assumptions common to all protocols.

    
    > 2. Please move ", and draft-selander-ace-cose-ecdhe" from this sentence and include it in a sentence before this one indicating that it is currently the only specified AKE for OSCORE. 
    
    Recent IESGs have been somewhat fussy about the language used to describe
    individual drafts in WG charters -- language like "evaluate" or "use as a
    starting point" tends to do better than "will adopt" or similar.  And of
    course it would be good to get some more feedback from the group, since
    you're an author :)

[GS] I'm fine with "starting point" as was used in your question to Secdispatch [1] which received 15+ individual positive answers and positive support from two 
working groups (CoRE and 6TiSCH). Do we really need more feedback at this point? I think many of them who responded to that call believe they have already provided the necessary feedback for this process. 

Thanks,
Göran


[1] "Conclusion

There appears to be an understood and scoped problem that is feasible to engineer.  Among the available starting points to address the problem defined in question #1, EDHOC presents a viable choice.  

Chartering a narrowly scoped, short-lived WG in this space with EDHOC as a starting point seems to be an attractive path forward, but we would like to receive community feedback on the degree of support for this approach."

(Excerpt from https://mailarchive.ietf.org/arch/msg/secdispatch/Kz_6y6Jq4HsWxglsUHafWjXIm0c)


    > 
    > 
    > On 2019-08-20, 17:50, "Lake on behalf of Benjamin Kaduk" <lake-bounces@ietf.org on behalf of kaduk@mit.edu> wrote:
    > 
    >     Thank you to everyone who attended the LAKE BoF session! It was a
    >     productive meeting that highlighted the community’s needs for work in this
    >     space.  A key insight that emerged during the session was that there is a
    >     fairly clear split between the “AKE for OSCORE” case and “general purpose
    >     lightweight AKE” in terms of the set of requirements.  We are happy to note
    >     a strong level of interest in a TLS-based solution that removes unnecessary
    >     protocol fields and encoding redundancy, which has significant potential
    >     for use in protocols that do not require traditional TLS cross-version
    >     compatibility, in constrained and full-featured environments alike.
    >     Likewise, we saw that the additional community engagement of a BoF was able
    >     to provide new insights into the use cases and requirements for a LAKE [0],
    >     both in the OSCORE and the more general case -- this is a great indication
    >     of the value provided by the broad and cross-area IETF review process.
    >     
    >     Based on the input received and energy in the room, we feel that it’s
    >     appropriate to charter a WG to finish coalescing the requirements for the
    >     OSCORE use case and evaluate solutions.  From we’ve seen so far, EDHOC
    >     seems like the leading contender, especially with respect to the “reuse of
    >     COSE algorithms” proposed requirement, but we of course welcome further
    >     data (such as on the relative code footprint of core cryptographic
    >     primitives vs. protocol integration for COSE/cTLS/etc.).
    >     
    >     We also feel that it’s appropriate to find a home for work on cTLS to come
    >     to fruition.  As noted during the BoF, this presents a multifaceted
    >     problem, with input needed from TLS experts as to which parts of the
    >     protocol are legacy artifacts vs. cryptographically necessary, and also
    >     with input needed from domain experts on constrained devices as to which
    >     protocol features are necessary and where to fall on the spectrum of
    >     tradeoffs between fully general/full-featured and a stripped-down,
    >     bare-bones feature set.  On the balance, though, it seems that discussion
    >     of a general-purpose-but-compact TLS would be most effectively done in the
    >     TLS WG with additional input and collaboration as needed.  We plan to ask
    >     the TLS WG if there is interest in rechartering to take on this
    >     “constrained TLS” work item (and we note that this includes thinking about
    >     whether it is best done as a standalone specification or a “patch” or
    >     “filter” to stock TLS that could apply to multiple TLS versions).
    >     
    >     For the sake of facilitating discussion, we include draft charter text for
    >     the OSCORE case, modified based on input from the BoF from the version that
    >     was previously sent to secdispatch@ietf:
    >     
    >     ==[ CHARTER ]==
    >     Problem
    >     
    >     Constrained environments using OSCORE in network environments such as
    >     NB-IoT, 6TiSCH, and LoRaWAN need a ‘lightweight’ authenticated key
    >     exchange (LAKE) that enables forward security.  'Lightweight' refers to:
    >     
    >       * resource consumption, measured by bytes on the wire, wall-clock time to
    >         complete, or power consumption
    >       * the amount of new code required on end systems which already have an
    >         OSCORE stack
    >     
    >     Goals
    >     
    >     This working group is intended to be a narrowly focused activity
    >     intended to produce at most one LAKE for OSCORE usage and close.
    >     
    >     The working group will collaborate and coordinate with other IETF WGs
    >     such as ACE, CORE, 6TISCH, and LPWAN to understand and validate the
    >     requirements and solution.  The WG will also evaluate work from
    >     the TLS WG and derivatives thereof, and draft-selander-ace-cose-ecdhe.
    >     
    >     Program of Work
    >     
    >     The deliverables of this WG are:
    >     
    >     1. Design requirements of the lightweight authenticated key exchange
    >     protocol for OSCORE (this draft will not be published as an RFC but will be
    >     used to drive WG consensus on the deliverable (2)
    >     
    >     2. Specify a lightweight authenticated key exchange protocol suitable for
    >     use in constrained environments using OSCORE
    >     ==[ CHARTER ]==
    >     
    >     Thanks,
    >     
    >     Ben and Roman
    >     
    >     [0]  For example, the total number of key exchange operations expected to
    >     be performed over the lifetime of the device, as might be compared against
    >     the total lifetime energy budget; and a request to make explicit what had
    >     previously been implicit assumptions about the cost of various operations
    >     (on various axes).
    >     
    >     -- 
    >     Lake mailing list
    >     Lake@ietf.org
    >     https://www.ietf.org/mailman/listinfo/lake
    >     
    > 
    > _______________________________________________
    > Secdispatch mailing list
    > Secdispatch@ietf.org
    > https://www.ietf.org/mailman/listinfo/secdispatch

v2.23.0 | Report a Bug | By Email