[Secdispatch] Regarding the EDHOC IETF Developments

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Sun, 14 April 2019 12:34 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: Regarding the EDHOC IETF Developments
Thread-Index: AdTytSpZeWWlsQi4T2mbc2Xc3fjEow==
Date: Sun, 14 Apr 2019 12:34:46 +0000
Message-ID: <AM6PR08MB3686C950A8C188748489409FFA2A0@AM6PR08MB3686.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/SkNqhhDqtpHPrfaDZMaYDCCW428>
Subject: [Secdispatch] Regarding the EDHOC IETF Developments

Hi all,

I was negatively surprised about the conclusions the area directors have taken with regard to the proposed work on EDHOC.

I have therefore used this as an opportunity to reach out to my co-workers working on IoT deployments and our embedded implementations to collect their feedback. They have not run into performance problems with the use of DTLS & TLS 1.2 today (and our technology is used in lots of IoT environments). Our Mbed teams are continuously working on enhancements, including RAM and code size improvements, for the security stacks and also for the IoT operating systems. Things work fine today even though some of the newer IETF work in the security area has not yet been utilized. Embedded system development takes time.

The recent work on cTLS gives me the impression that performance optimization can be gained incrementally. That's very good news for those companies who have made several years of investment in those stacks. With our commitment to build a high-quality embedded TLS/DTLS stack (along with the crypto) we are obviously interested to see further work in that direction. I have started with a prototype implementation of the cTLS draft. It was a simple exercise without many code changes.

I understand that nobody wants to hear that they shouldn't standardize their favourite solution. No IESG member likes to convey that message because they would like to get re-elected. Working group chairs obviously don't like to communicate such a message either. In the end, we have lots of solutions in the hope that the "market will figure it out". Just look at how many solutions for communication security we have (see Section 4.2 of draft-irtf-t2trg-iot-seccons-16) or how many different ways to provision credentials (see draft-sarikaya-t2trg-sbootstrapping-06 and we are adding more -- https://bit.ly/2v4p7rn) there are. The IETF has become really efficient in publishing specs. That's great. It is a pity that the embedded community is not that fast to deploy them.

Normally, we do not care if someone proposes yet another solution. Unfortunately, for IoT-related stuff we spend a lot of time explaining why certain solutions are not available in IoT operating systems, why they are not doing what they claim to do, or why the problems are actually somewhere else. We are worried about the collateral damage that results from standardizing EDHOC.

Ciao
Hannes
