Re: [Secdispatch] EDHOC Summary

Göran Selander <goran.selander@ericsson.com> Wed, 10 April 2019 08:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/7E3dUDMfuxwLZav0Q-o_ltqKFlY>

Hi Chris,

On 2019-04-10, 03:52, "Secdispatch on behalf of Christopher Wood" <secdispatch-bounces@ietf.org on behalf of caw@heapingbits.net> wrote:

    Hi Göran,
    
[- - -]

    If what’s missing is a lightweight AKE protocol, then shouldn’t the purpose of this WG be to first identify what lightweight means? To reiterate (my understanding of) Martin’s point, it seems the requirements do not have consensus, and therefore choosing a specific AKE is a bit premature. It seems prudent to first get a shared understanding of the problem space and requirements before we trim the solution space.

[GS:]

The purpose of the Secdispatch interim meeting on March 05, and of the preceding and following discussion, was to detail the requirements (and present the results of the security analysis). Our post-interim compilation of the usual BoF questions including requirements (and specification of 'lightweight') is here:
https://mailarchive.ietf.org/arch/msg/secdispatch/vNR7nT20fsvYjYXhAPjOpLjZGCU

The security ADs' conclusion of the whole discussion and proposal for next steps, including a request for community feedback (which ended on Monday) is here: 
https://mailarchive.ietf.org/arch/msg/secdispatch/Kz_6y6Jq4HsWxglsUHafWjXIm0c

I only see a large number of people agreeing and no technical argument against.

Apologies for my impatience, but the discussion is over 2 years old. The people contesting this work have been against it for a long time and the argument has shifted from "the TLS handshake is lightweight" to "there is no need for a lightweight handshake" to "OK, we need a lightweight handshake, but not as lightweight as EDHOC". (The last statement is slightly distorting the argument, but just to give the idea.)

Göran


    Best,
    Chris
    