[Secdispatch] my thoughts on the EDHOC interim
Benjamin Kaduk <kaduk@mit.edu> Mon, 11 March 2019 18:24 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C798C1310E2 for <secdispatch@ietfa.amsl.com>; Mon, 11 Mar 2019 11:24:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gsWPhL0s6dqO for <secdispatch@ietfa.amsl.com>; Mon, 11 Mar 2019 11:24:05 -0700 (PDT)
Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-eopbgr710136.outbound.protection.outlook.com [40.107.71.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8E6C1311D1 for <secdispatch@ietf.org>; Mon, 11 Mar 2019 11:23:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s80NTDS4GqlEo3hJKGlMI1j943lZ4bZekPblqonzyB0=; b=MkHAUbDC5q96ZwfYqqczC7gWk9Xnywj+wiILyPc3BfhVX+sj5KeRccGhoBWY6u3i8twSG0POIvFxbaPZLWYqTFCNJGvGidFdAnHtckthYqJ2UX+XS0IzLLNQoBM0qe1LOOq1sRshikKTvP4lFiz6GNzDLURV0TUIZ56cjD7iccI=
Received: from SN2PR01CA0002.prod.exchangelabs.com (2603:10b6:804:2::12) by DM5PR01MB2473.prod.exchangelabs.com (2603:10b6:3:3c::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.17; Mon, 11 Mar 2019 18:23:54 +0000
Received: from DM3NAM03FT022.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::209) by SN2PR01CA0002.outlook.office365.com (2603:10b6:804:2::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.18 via Frontend Transport; Mon, 11 Mar 2019 18:23:54 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT022.mail.protection.outlook.com (10.152.82.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.19 via Frontend Transport; Mon, 11 Mar 2019 18:23:53 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x2BINoHA027782 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <secdispatch@ietf.org>; Mon, 11 Mar 2019 14:23:52 -0400
Date: Mon, 11 Mar 2019 13:23:50 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: secdispatch@ietf.org
Message-ID: <20190311182349.GT8182@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(396003)(346002)(39860400002)(136003)(376002)(2980300002)(54164003)(53754006)(189003)(199004)(476003)(88552002)(561944003)(53416004)(104016004)(486006)(106002)(14444005)(106466001)(305945005)(2351001)(46406003)(58126008)(426003)(2906002)(336012)(126002)(956004)(55016002)(86362001)(16586007)(97756001)(33656002)(50466002)(5660300002)(75432002)(23726003)(186003)(316002)(26005)(786003)(356004)(8676002)(8936002)(7696005)(478600001)(47776003)(1076003)(26826003)(6916009)(246002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR01MB2473; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: fd51b713-c603-4c09-0ea8-08d6a64eb7c8
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600127)(711020)(4605104)(4608103)(4709054)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060); SRVR:DM5PR01MB2473;
X-MS-TrafficTypeDiagnostic: DM5PR01MB2473:
X-Microsoft-Exchange-Diagnostics: 1; DM5PR01MB2473; 20:3Jg7rdzIBxAlYHTPmXYkv1t41mlXOtNuZl8LxO6Ku1C1vj8hZpRzZatvDYbWtN803oEkGcbeIZfi7lVceFmFAP8MDN9AujKGA3O9zsbHg88nsLPt7YAiaVrg3OIE5pujl4qYAXfjOLl1vPq1cDO76c4BAhx2vTHNPYuB5S8mSrGKTWSzJxslesFl2buEwE/WckfxYULqgdKdbRKTFlT3aAaK9k+YVqcTjF6IHYaZKB61wiK0drfv1JAOGV6rLGg9KomtmhtO3V/xhBvSfRmYjbISfJcjGsLW7wUEdsMAh+i9Q0l5uBSH1Uj+6TtIgRUT/XWVwTDUVRres2vyyj0YcS1WSqwhg1DmhTW/SD5HXUwCEJkLc9k3zjzoviLFQ3Yn9Gwi5q7/H7rDXfuOg3oV7FrXQvUMJcOuOs/VyT0vBnaQwWiJeZYoL3hrfDexzG0yI9vlUrn3rsd4FZvlnU7yD+9mvm5PPQ1P8p5cvinXH2O/PxiqDkNw3cDkR2jN39Vw4hTuIsH24ExU/uQNCIhaFS0ZQKVxQghWrhwn1ScxAjbZrnehUwqciCMW2ej9zwL0lvfR782umcOYm87bd4Y027KMSmBjvzQyVsdfEEy/WoI=
X-Microsoft-Antispam-PRVS: <DM5PR01MB24735428E4679D511E4D200BA0480@DM5PR01MB2473.prod.exchangelabs.com>
X-Forefront-PRVS: 09730BD177
X-Microsoft-Exchange-Diagnostics: 1; DM5PR01MB2473; 23:n+nAkolYxxZTt2EDWTNHarqvkB4tmC4YpCN5F+cmMzXDAe3Q4Rfq17ptRo8mNpFW6ZGY6DqZMI6JFYFWAdp/aO59rrogSDtFQ3GpYPKX5eqL7VmD2dHeO9HhosP5qxVi6k9nbVgSWNOWu/P5AQNG355+YmTXishmCsT8SGnO70E8S5R5t5V5iuDRZi2ASeOk5egCWmbMHYZhJEFj1eFijzGcNKIQNUuPzWJraQv3fr1uDf/Z3mD8z1HVNAgbe2gNse6l6AkTZtTr2djKxdLjOUTsSCqvotN6Uj/c9U0QvuGTctAIDMQFGJ4nCHqQeGMwuHSydcMqF6LG5hLuB3eY5wfFwINo38G9kNRH7zubpilkGHa86KiCN4FupopPTWaJ7na0BbH3T0J59BCZZg/fogPyaaPEhZ2/KPaO13xdgSvLhiLbGSPCzOSapPlckb0vrzD9TnfUVc2+dzw+y3SAf8pe8ii4+lO/VffxrkwMlKacz6vGrTwhI8Wbcs2emo67qicT8XgbLmvLT0hM775xpNCRCmBZikU8IUrOEaf9pyD6rwFIS+qPLyGsLD/wUJ5pWejn79E86yb3owhatMUedr7xIV8BvBYLPpV8FfKglpiILJ8uv6PFJz5+WKhHB5gKV70abUBRFHNQDA5RppmUeEb7m08cmi1Jz/kVSe0ya4d5ijhIfFlJxuA8StZCw8W0OodiTcYpwHH13RERpd/mNRy5O48AZg+QB48SNHl85p6gdnQkeW2vBDYzuddHuHuSdSUwrqpjSVG4Gr/QPDYcQ0OXpQJy/to7fTI8Bhn4vSLJICaAOpAJVKtUuNQH+V8Zu519O1vzDZD+kbdU6jEmemuc7Z15KKG+tXcwNjwxRgiJmrGOMVXOU0cWw3nEloxShLEBcL70NQWcKyrdE5UBuLD/uL/aBwpMg+OzT+Ts4O+0HngOx+MAyQiu5gGMwtcOzLNQ8IcMNMPMAYjsekAvyb3Fh1goXudPEbfRDOlPRDJnT76A/iko05I0oW64iTeX/S2wCekqP8JwrjifisgjmT/dGBFLCy/met3X0Ld5pKVLsxKjWLzIM7I/PQzD2RxwffBxa8LgKS0ax9KtE2YQgJpTOYSAazaxvYNa7c5y6B4=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: WZGNpVqBNyyxpLVLyAeESivL3fq02VwnqithF8JxVWkdw+ZVt8d3AM5YkdypFKfG4UYXFu337Bap9IGrcfrozfmtDHsq3yXbfXAnWlZ/c9g5M/phbOxkv0JvGdOEyEDALT05fHNkTVZ3kuonS5jnMsn3hDF/crlng1r5T9Fww2dzijLAqy5SZjf2UdGFjobF0Q03ZL/Qp9EU7ziW7cvhHLdkXIA8Ow1yIfeO2g+mgIwCD6vQghJHBSMdFPkGCAMw9HuWaS+7tc2Ni1Gnjnpcsp4E2luQVb4Ckq6hTTX2HFDxROi091ciGhZ68ZgayL+KPdv8wuBc2KJI6uo7JHCklJWUKu+Yn+rW1P70Dpx/EOZ7P9tkci8CVdpUZl8g+wNfIWIk3Ga39uq7iEaCQAB9S/gP9Vphyw/1bJ01t9PjTAs=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2019 18:23:53.4840 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fd51b713-c603-4c09-0ea8-08d6a64eb7c8
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR01MB2473
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/K0xTR5Ygj2Rbdsfkcfi4vLKyRkI>
Subject: [Secdispatch] my thoughts on the EDHOC interim
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2019 18:24:13 -0000
Hi all, Thanks to everyone who attended the interim -- I know it was not a great time zone for many people, but you stuck to it. My sense coming out of the session was that it's pretty clear there are some wide areas of applicability where EDHOC is useful and a clear improvement over the pure-PSK methods currently in use. It seems like, in broad terms, what we're currently stumbling over is just the process of bringing new work to the IETF. Among other things, we evaluate proposed work in a broad context that includes both the present state of deployment (if any) in the problem space and the present state of similar protocols. In particular, publishing as Proposed Standard in the IETF RFC stream means (in general; there can be exceptions) that: - the IETF has change control over the technology - there is IETF consensus to produce a solution in the problem space in question and on what the problem space in question is - there is IETF consensus that the technology in question is a good solution to the problem at hand. It need not be the perfect solution if the value from publishing and implementing earlier outweights the costs of the delay to tweak it further; similarly, if an existing technology can be used to meet the need then there is a higher bar for introducing something completely new, depending on the degree of similarity and the nature of the protocol in question. I am seeing several people try to assess the "good solution to the problem at hand" portion and run into trouble because the "problem at hand" was not clear enough (to them) to produce a clear answer -- we had several alternate solutions proposed but no consensus on whether they actually solve the problem at hand, largely because the "problem at hand" has been hard to nail down in a way that can readily be assessed. As such, it may even be premature to try to tackle the "good solution to the problm at hand" with the current definition, which is in some ways being described as a pure minimization function with no cutoff for "good enough" or "diminishing returns". (From a mathematical sense, it's pretty clear that the function thusly described has no absolute minimum, so our search would never terminate.) Luckily, it seems that our discussion of frame sizes and power consumption can point us to a clear framing of *a* problem that does have clear and actionable success criteria. This need not be a "fully general" space (if such a thing is even possible for constrained devices), but if the relevant deployed base is large, even a solution targeted to that space would have value. (Presumably the solution would still be useful in adjacent problem spaces as well, even if they were not explictily targetted.) As Martin noted, the standard questions we look at in BoF sessions can also be used to assess proposed new work outside of a BoF, and it may be useful to consider this work in the context of those questions: 1. What is the problem we are faced with? 2. Is the problem understood and narrowly scoped? 3. Do we believe it is possible to engineer a solution? 4. (stretch objective) Is this particular proposal a good basis for working on? Thanks to everyone for continuing to work through this topic in a thoughtful and methodical manner. -Ben
- [Secdispatch] my thoughts on the EDHOC interim Benjamin Kaduk
- Re: [Secdispatch] my thoughts on the EDHOC interim Göran Selander