[Lake] COSE headers as EDHOC extension point
Christian Amsüss <christian@amsuess.com> Sun, 16 March 2025 15:34 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: lake@mail2.ietf.org
Delivered-To: lake@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 497CFC3DACD for <lake@mail2.ietf.org>; Sun, 16 Mar 2025 08:34:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VL6UJSzAmXpG for <lake@mail2.ietf.org>; Sun, 16 Mar 2025 08:34:55 -0700 (PDT)
Received: from smtp.akis.at (smtp.akis.at [IPv6:2a02:b18:500:a515::f455]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 0B9B7C3D731 for <lake@ietf.org>; Sun, 16 Mar 2025 08:34:39 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by smtp.akis.at (8.18.1/8.17.2) with ESMTPS id 52GFYbe2097295 (version=TLSv1.2 cipher=ECDHE-ECDSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <lake@ietf.org>; Sun, 16 Mar 2025 16:34:38 +0100 (CET) (envelope-from christian@amsuess.com)
X-Authentication-Warning: smtp.akis.at: Host 095129206250.cust.akis.net [95.129.206.250] claimed to be poseidon-mailhub.amsuess.com
Received: from poseidon-mailbox.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 605B95248A for <lake@ietf.org>; Sun, 16 Mar 2025 16:34:37 +0100 (CET)
Received: from hephaistos.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:3f86:e77d:56d9:4a46]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 128E3459C0 for <lake@ietf.org>; Sun, 16 Mar 2025 16:34:37 +0100 (CET)
Received: (nullmailer pid 3318673 invoked by uid 1000); Sun, 16 Mar 2025 15:34:36 -0000
Date: Sun, 16 Mar 2025 16:34:36 +0100
From: Christian Amsüss <christian@amsuess.com>
To: lake@ietf.org
Message-ID: <Z9bvjNkvhQGzqGlS@hephaistos.amsuess.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="1hFMPH9ANkcVm8S4"
Content-Disposition: inline
X-Scanned-By: MIMEDefang 2.86
Message-ID-Hash: HNLK5F6WBLZLRNHSEQCFSYPSZFNBSWHK
X-Message-ID-Hash: HNLK5F6WBLZLRNHSEQCFSYPSZFNBSWHK
X-MailFrom: christian@amsuess.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Lake] COSE headers as EDHOC extension point
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/yCKuNcwcZ_9UygHLbipjxYNrtI0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>
Hi Lake group,
as issue [1] seems to have slipped through the GitHub summary, here
explicitly:
What is the expected behavior of recipients of an ID_CRED_x when there
is an unexpected additional item (tangentially related: an none at all)
is presented in the ID_CRED_x map?
AIU, EDHOC is not explicit, and there are two possible answers:
1. All elements must be understood, or processing fails.
That makes everything very easy (except extending).
2. As long as anything is understood that suffices for the recipient to
find a unique suitable CRED_x, additional entries are fair game.
Then I'd extend GREASE to those points.
There is one complication that is that the values can be arbitrarily
complex, all EDHOC implementations need to implement skipping over
CBOR items. That's not hugely complex, but a naive implementation
("just use a CBOR library", when that library was previously only
used to decode concrete small items) can easily blow up. It does help
that EDHOC always uses the core deterministic encoding requirements,
so skipping over arbitrarily large (ha: who can buffer that) CBOR can
happen with bounded (2 words) space.
3. It is complicated.
Then we can't GREASE in general, and may easily fall into 1.
I hope it's 2, but I don't know how to find out (or, if it is really
unspecified, worse: I have no idea of the WG's opinion so that we can make
a statement in any document).
BR
Christian
[1]: https://github.com/lake-wg/grease/issues/1
--
To use raw power is to make yourself infinitely vulnerable to greater powers.
-- Bene Gesserit axiom
- [Lake] COSE headers as EDHOC extension point Christian Amsüss