IETF Logo Mail Archive

Re: [Secdispatch] EDHOC Summary

Tero Kivinen <kivinen@iki.fi> Fri, 12 April 2019 00:08 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A09012004E for <secdispatch@ietfa.amsl.com>; Thu, 11 Apr 2019 17:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.42
X-Spam-Level:
X-Spam-Status: No, score=-3.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YIhkCrH2GcH3 for <secdispatch@ietfa.amsl.com>; Thu, 11 Apr 2019 17:08:28 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0685C120013 for <secdispatch@ietf.org>; Thu, 11 Apr 2019 17:08:27 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id x3C08NXU013047 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 12 Apr 2019 03:08:23 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id x3C08MsC016673; Fri, 12 Apr 2019 03:08:22 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: <23727.55030.643053.867113@fireball.acr.fi>
Date: Fri, 12 Apr 2019 03:08:22 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: goran.selander@ericsson.com
Cc: Richard Barnes <rlb@ipv.sx>, Michael Richardson <mcr+ietf@sandelman.ca>, Carsten Bormann <cabo@tzi.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Martin Thomson <mt@lowentropy.net>
In-Reply-To: <DC16C49A-15BB-454B-A825-608BE3855284@ericsson.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B3311A9F@marchand> <012a4798-fc70-4b5d-b0da-373221c95d38@www.fastmail.com> <721B6044-8DA1-4173-BE73-87D37136DFEE@ericsson.com> <8e8873a9-2352-40af-8e60-370012393ccc@www.fastmail.com> <F7934212-2785-4D8C-992B-2C0572C2A889@tzi.org> <CAL02cgSr38a+PZu4Ttnr-RuMaTD3kE6ACWJDJjV3+Bgn2NNqAA@mail.gmail.com> <3822.1555010100@localhost> <CAL02cgTdKOEQEbPb+=GJKyMBJQqgPfhuvn-3Bs58DdGYLOALTQ@mail.gmail.com> <DC16C49A-15BB-454B-A825-608BE3855284@ericsson.com>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 8 min
X-Total-Time: 8 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/G71y2ZKUmfC8OAzsUmvtfS-45v0>
Subject: Re: [Secdispatch] EDHOC Summary
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 00:08:30 -0000

Göran Selander writes:
> [GS] As I mentioned in my recent reply, given the changes you make
> to TLS to make message sizes on par with EDHOC, it is a new protocol
> so the statement about relying on the analysis of TLS is
> questionable. Comparing implementations there are clearly more of
> TLS, but, again, this is a new protocol.

I do not think it is new protocol, it could be done by just applying
static header compression to TLS.

Making static context header compression rules, that will omit for
example most of the TLS framing which are not needed (as they are
static) will allow take normal TLS frame, compress it to much smaller
frame to be sent to other end.

Then on the other end the static context header compression rules will
decompress the frame and will get exactly same full TLS frame that was
in the sender end. From the TLS library point of view the packets are
full TLS 1.3 packets without any modifications. There might be some
constrains what kind of TLS 1.3 frames the compression can do, for
example there might be constraints that there cannot be any generic
extensions, i.e., the TLS library would need to be configured so it
will never even try to use them, the length of nonce might be fixed to
specific length etc.
-- 
kivinen@iki.fi

v2.23.0 | Report a Bug | By Email