IETF Logo Mail Archive

Re: [Secdispatch] EDHOC Summary

Jim Schaad <ietf@augustcellars.com> Sat, 13 April 2019 22:38 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 817FD1200B3 for <secdispatch@ietfa.amsl.com>; Sat, 13 Apr 2019 15:38:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02LOZdz04FUq for <secdispatch@ietfa.amsl.com>; Sat, 13 Apr 2019 15:38:49 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD52F1200CE for <secdispatch@ietf.org>; Sat, 13 Apr 2019 15:38:48 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sat, 13 Apr 2019 15:38:42 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Martin Thomson' <mt@lowentropy.net>, 'Göran Selander' <goran.selander@ericsson.com>, secdispatch@ietf.org
References: <359EC4B99E040048A7131E0F4E113AFC01B3311A9F@marchand> <012a4798-fc70-4b5d-b0da-373221c95d38@www.fastmail.com> <721B6044-8DA1-4173-BE73-87D37136DFEE@ericsson.com> <8e8873a9-2352-40af-8e60-370012393ccc@www.fastmail.com>
In-Reply-To: <8e8873a9-2352-40af-8e60-370012393ccc@www.fastmail.com>
Date: Sat, 13 Apr 2019 15:38:37 -0700
Message-ID: <000001d4f249$a4bea940$ee3bfbc0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKfGLPmwj7uBgha/YkI9i6FfschWgGewDoPAkGqZwACwWencKRxUxdA
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/8m6C2gyVz2-NHOh9rGsS9SKoWfg>
Subject: Re: [Secdispatch] EDHOC Summary
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Apr 2019 22:38:51 -0000


> -----Original Message-----
> From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Martin
> Thomson
> Sent: Tuesday, April 9, 2019 7:57 PM
> To: Göran Selander <goran.selander@ericsson.com>; secdispatch@ietf.org
> Subject: Re: [Secdispatch] EDHOC Summary
> 
> On Tue, Apr 9, 2019, at 21:57, Göran Selander wrote:
> > [GS] There seems to be consensus on the summary provided by the
> > Security ADs, which includes the problem statement.
> 
> The entire point of my mail was to contest that point.
> 
> > [GS] There is no competing solution to the problem statement. As been
> > witnessed, people have waited for years for this to progress.
> > Therefore I don't see anything premature with assuming EDHOC to be a
> > starting point for the WG.
> 
> So you would prefer to disregard the work done by Eric and Jim completely?

Don't forget that one of the issues that was identified by me was that by the time I was finished I felt that an entirely new security analysis was going to be required to make sure that nothing was broken.

Jim

> 
> > [GS] Concrete targets with numbers have been presented, for example
> here:
> > https://mailarchive.ietf.org/arch/msg/secdispatch/vNR7nT20fsvYjYXhAPjO
> > pLjZGCU
> 
> Presented, yes.  Agreed, no.
> 
> > [GS] A lightweight AKE on application layer, which this specific WG is
> > proposed to work on, is actually a missing enabler for constrained
> > nodes to  "communicate among themselves and with the wider Internet".
> > Indeed, if the security protocol is too heavy or needs to terminate in
> > a gateway due to change of transport etc., then end-to-end secure
> > communication between the endpoints will not take place, thus
> > preventing "to partake in permissionless innovation".
> 
> I think that you missed my point.  If the goal is to provide an AKE, then any
> AKE will do.  If the goal is to communicate with other Internet nodes, then
> you might argue that any AKE will do, but you at least have to consider what
> existing Internet nodes do in making that call.
> 
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch

v2.23.0 | Report a Bug | By Email