Re: [Lwip] New Version Notification for draft-ietf-lwig-security-protocol-comparison-07.txt

John Mattsson <john.mattsson@ericsson.com> Tue, 24 January 2023 12:46 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "lwip@ietf.org" <lwip@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-lwig-security-protocol-comparison-07.txt
Date: Tue, 24 Jan 2023 12:46:11 +0000
Message-ID: <HE1PR0701MB3050D4327BF5AEE95AB84DA689C99@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <167456291285.11273.12075180201009990998@ietfa.amsl.com>
In-Reply-To: <167456291285.11273.12075180201009990998@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/R0mrmd8qffAbz3qMSODppYDcfhM>
Subject: Re: [Lwip] New Version Notification for draft-ietf-lwig-security-protocol-comparison-07.txt
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>

Hi,


We submitted -07. This version takes care of all the remaining issues as well as the comments received on the TLS WG list from Achim Kraus. We feel that the draft is done and ready to progress.


Changes:


- Added a reference to draft-ietf-uta-tls13-iot-profile. This is important as it specifies MTI algorithms for DTLS 1.3 in the IoT.

- Added “DTLS is typically sent over 8 bytes UDP datagram headers while TLS is typically sent over 20 bytes TCP segment headers.  TCP also uses some more bytes for additional messages used in TCP internally.” as suggested by Achim Kraus on the TLS WG list.

- Added how 16 bytes tags would affect the sizes as suggested by Achim Kraus on the TLS WG list. This was added as text as the changes are trivial. Kept CCM8 in tables as that is the MTI in RFC 7925, draft-ietf-uta-tls13-iot-profile, and draft-ietf-core-oscore-edhoc.

- As discussed on the TLS WG list, the sizes for (D)TLS are heavily dependent on the key exchange, signature, and RPK format used. Based on this, one table now uses secp256r1 and ecdsa_secp256r1_sha256 while another table uses the more optimized x25519 and ed25519. A new table was needed as the changes are a bit complex.

- As discussed on the TLS WG list and in draft-mattsson-tls-compact-ecc the ECDSA signatures in (D)TLS 1.3 are variable length with significant overhead from the DER encoding. The examples were updated with the average 75-byte encoding (probabilities are roughly 25% for 76, 50% for 75, 25% for 74, and 0% for < 74).

- Added ed25519 RPK example as the size differs significantly from uncompressed and compressed secp256r1 RPKs.

- The detailed DTLS example handshake now uses ecdsa_secp256r1_sha256 while the detailed TLS example uses x25519 and ed25519. The table gives numbers for all combinations.

- Added text on overhead when draft-ietf-core-oscore-edhoc is used.

- Many more cTLS handshake examples added. cTLS now has the same examples as TLS 1.3. New section on cTLS explains the numbers.

- Reference updates.
- Various editorial improvements.

Cheers,
John
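The 74/75/76-byte figures for an ecdsa_secp256r1_sha256 signature in a TLS 1.3 CertificateVerify come from DER's signed INTEGER encoding: each of r and s is a 32-byte value that needs a leading 0x00 pad byte whenever its top bit is set, so the SEQUENCE is 70, 71 or 72 bytes, and the CertificateVerify adds a 2-byte SignatureScheme and a 2-byte length prefix on top. The following script is an added example (not code from the draft or from the author) that DER-encodes an ECDSA signature from its (r, s) integers and measures the size distribution. It assumes r and s are uniform in [1, n-1], which is what real signatures produce to a very good approximation, so it does not need a crypto library; the group order constant is P-256's from SEC 2 / FIPS 186-4.

```python
"""Size of an ECDSA P-256 signature as carried in a TLS 1.3 CertificateVerify.

Added example, not part of draft-ietf-lwig-security-protocol-comparison.
Instead of running real ECDSA, r and s are simulated as uniform integers
in [1, n-1] (assumption: this matches the distribution of genuine
signatures closely enough for counting bytes).
"""
import random

# Group order n of secp256r1 / P-256 (SEC 2, FIPS 186-4).
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def der_integer(value: int) -> bytes:
    """Minimal DER INTEGER: big-endian two's complement, shortest form.

    DER integers are signed, so a positive value whose top bit is set gets
    a 0x00 pad byte. That pad byte is the source of the size variation.
    """
    if value < 0:
        raise ValueError("ECDSA r and s are positive integers")
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if body[0] & 0x80:
        body = b"\x00" + body
    return bytes([0x02, len(body)]) + body


def der_ecdsa_signature(r: int, s: int) -> bytes:
    """ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (RFC 3279).

    For P-256 the body is at most 70 bytes, so the short-form length
    octet always suffices.
    """
    body = der_integer(r) + der_integer(s)
    assert len(body) < 0x80
    return bytes([0x30, len(body)]) + body


def tls13_certificate_verify_signature_size(r: int, s: int) -> int:
    """Bytes the signature occupies in a TLS 1.3 CertificateVerify:
    2-byte SignatureScheme + 2-byte opaque length + DER signature
    (RFC 8446, Section 4.4.3)."""
    return 2 + 2 + len(der_ecdsa_signature(r, s))


def size_distribution(samples: int, seed: int = 1) -> dict:
    """Fraction of simulated signatures landing on each size, sorted by size."""
    rng = random.Random(seed)  # seeded: the simulation is reproducible
    counts = {}
    for _ in range(samples):
        r = rng.randrange(1, P256_ORDER)
        s = rng.randrange(1, P256_ORDER)
        size = tls13_certificate_verify_signature_size(r, s)
        counts[size] = counts.get(size, 0) + 1
    return {size: n / samples for size, n in sorted(counts.items())}


if __name__ == "__main__":
    for size, fraction in size_distribution(20000).items():
        print(f"{size} bytes: {fraction:6.2%}")
```

Running it reproduces the message's rough 25%/50%/25% split over 76/75/74 bytes. It also turns up the encodings shorter than 74 bytes that the message rounds to 0%: r or s has a leading zero byte (and so loses a byte in DER) about once in 256 signatures each, so roughly 0.8% of signatures come out at 73 bytes. The average of 75 bytes assumed in the draft's examples is unaffected by that tail.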

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, 24 January 2023 at 13:22
To: Mališa Vučinić <malisa.vucinic@inria.fr>, John Mattsson <john.mattsson@ericsson.com>, Francesca Palombini <francesca.palombini@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Malisa Vucinic <malisa.vucinic@inria.fr>
Subject: New Version Notification for draft-ietf-lwig-security-protocol-comparison-07.txt

A new version of I-D, draft-ietf-lwig-security-protocol-comparison-07.txt
has been successfully submitted by John Preuß Mattsson and posted to the
IETF repository.

Name:           draft-ietf-lwig-security-protocol-comparison
Revision:       07
Title:          Comparison of CoAP Security Protocols
Document date:  2023-01-24
Group:          lwig
Pages:          47
URL:            https://www.ietf.org/archive/id/draft-ietf-lwig-security-protocol-comparison-07.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-lwig-security-protocol-comparison/
Html:           https://www.ietf.org/archive/id/draft-ietf-lwig-security-protocol-comparison-07.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-lwig-security-protocol-comparison
Diff:           https://author-tools.ietf.org/iddiff?url2=draft-ietf-lwig-security-protocol-comparison-07

Abstract:
   This document analyzes and compares the sizes of key exchange flights
   and the per-packet message size overheads when using different
   security protocols to secure CoAP.  Small message sizes are very
   important for reducing energy consumption, latency, and time to
   completion in constrained radio network such as Low-Power Wide Area
   Networks (LPWANs).  The analyzed security protocols are DTLS 1.2,
   DTLS 1.3, TLS 1.2, TLS 1.3, cTLS, EDHOC, OSCORE, and Group OSCORE.
   The DTLS and TLS record layers are analyzed with and without 6LoWPAN-
   GHC compression.  DTLS is analyzed with and without Connection ID.
The IETF Secretariat