IETF Logo Mail Archive

Re: [Secdispatch] EDHOC Summary

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 18 April 2019 15:17 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 353FE1203BF for <secdispatch@ietfa.amsl.com>; Thu, 18 Apr 2019 08:17:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0hTZbQuF18-w for <secdispatch@ietfa.amsl.com>; Thu, 18 Apr 2019 08:17:37 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00076.outbound.protection.outlook.com [40.107.0.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33A2A12036B for <secdispatch@ietf.org>; Thu, 18 Apr 2019 08:17:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0ac62AM8QT4KIIbAegen9yuWik/LJxm1tAVqE2MS/ks=; b=caB3Jjv2iwELmq5kjX/nTVP7AXbXKwUPFTdApwqnuTnx5vZ6darn0DLF8XyLdQLntM3k+g2x9lsu6SIeOtYkGS+kRazZCrXL/RGMsO8W9t25B1xAUtE9HGnwPC+PwEoYsf7heULY9ixKbzQR8CABj1oNyAvM0ioP1UWKFpM8us0=
Received: from AM6PR08MB3686.eurprd08.prod.outlook.com (20.178.91.22) by AM6PR08MB3237.eurprd08.prod.outlook.com (52.135.164.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.11; Thu, 18 Apr 2019 15:17:34 +0000
Received: from AM6PR08MB3686.eurprd08.prod.outlook.com ([fe80::7025:fc8a:7d0a:cb91]) by AM6PR08MB3686.eurprd08.prod.outlook.com ([fe80::7025:fc8a:7d0a:cb91%3]) with mapi id 15.20.1813.011; Thu, 18 Apr 2019 15:17:34 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Göran Selander <goran.selander@ericsson.com>, "Owen Friel (ofriel)" <ofriel@cisco.com>, Richard Barnes <rlb@ipv.sx>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: Carsten Bormann <cabo@tzi.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Martin Thomson <mt@lowentropy.net>
Thread-Topic: [Secdispatch] EDHOC Summary
Thread-Index: AQHU9bryBp4FMEo1v0OmeS0uE21muKZBv2TQgAA2YwD//97IsIAALWsA////GOCAACXmAP//4EBQ
Date: Thu, 18 Apr 2019 15:17:34 +0000
Message-ID: <AM6PR08MB36865A27F0D15A61D588D434FA260@AM6PR08MB3686.eurprd08.prod.outlook.com>
References: <8BCAAD78-74D7-414C-82B2-EFB98D711D1E@ericsson.com> <AM6PR08MB36860F9597EBB248142E357EFA260@AM6PR08MB3686.eurprd08.prod.outlook.com> <2C9EADDC-2221-4321-9DE1-688DD7F97D34@ericsson.com> <AM6PR08MB3686F22C994D48D399033701FA260@AM6PR08MB3686.eurprd08.prod.outlook.com> <0EE8E3B3-DCEE-4B23-8669-15F7080F73AF@ericsson.com> <AM6PR08MB36865E3D02DA93B49E2EF216FA260@AM6PR08MB3686.eurprd08.prod.outlook.com> <96AE0619-F977-42F1-8062-3FE9FECC6A13@ericsson.com>
In-Reply-To: <96AE0619-F977-42F1-8062-3FE9FECC6A13@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.121.58]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 426563d5-8c52-4352-76e9-08d6c410fbdd
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600141)(711020)(4605104)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:AM6PR08MB3237;
x-ms-traffictypediagnostic: AM6PR08MB3237:
x-microsoft-antispam-prvs: <AM6PR08MB3237267A7C1EF5AA0BEB25B2FA260@AM6PR08MB3237.eurprd08.prod.outlook.com>
x-forefront-prvs: 0011612A55
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(346002)(376002)(136003)(39860400002)(40434004)(13464003)(199004)(189003)(52536014)(68736007)(97736004)(14454004)(478600001)(76176011)(5660300002)(102836004)(6506007)(99286004)(316002)(81156014)(186003)(486006)(53546011)(3846002)(11346002)(446003)(25786009)(8936002)(81166006)(6116002)(26005)(4326008)(53936002)(2906002)(55016002)(6246003)(5024004)(256004)(14444005)(54906003)(229853002)(9686003)(8676002)(305945005)(86362001)(6436002)(71190400001)(72206003)(7696005)(476003)(110136005)(33656002)(71200400001)(66574012)(74316002)(93886005)(66066001)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB3237; H:AM6PR08MB3686.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 6L6b8vSmKuvAbXw8wNtnkFC3pfhqvywWhdr9/NRDg7KoyBviU1jaYIzaNXWmeCgRhe1/mWcDwmL5eGKsHqSVnbVNvaAyox1JYsOU/SIHc62WytNWsGAJaPTWKguBIWhai9EY0fDzQxvn4qRwn+2QpN80Lrd8ZT83OO0DHCR/FFt93/zXRaQbvs2OVCUzdArCbcI618rsrvk0Zs3PVl9j+J7KBeLaV7hgD1YKiVzKhX04oLavSmiDrgeDcUb+5CCDoZgr058bG2z8dMNN9KfO3uIVcsz0Zd03s6m27buQ4RPRlCpmX/bv8IvT2Tr3lWBV2TBYlViZ8N0FbC/iRoFXqMKHGudgSfwQZVpTvW2kasqi1ZT6tuaeGsif9qDPKsf8pBARzYCdp9EklvzZeUqRkpxkzcFxBE0+YHXHFwPvEhw=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 426563d5-8c52-4352-76e9-08d6c410fbdd
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Apr 2019 15:17:34.2869 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3237
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/cnL0aRFHA9FbOK12ooOrH5PVD6k>
Subject: Re: [Secdispatch] EDHOC Summary
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 15:17:41 -0000

Hi Goeran,

Do you notice there is a difference between

"the AKE should support the same transport as OSCORE"

and

"The key exchange protocol must at least be able to travel the same path."

Ignoring the difference between the 'should' and the 'must' I wonder whether I could run a DTLS/TLS handshake between the two endpoints and then derive keys for OSCORE and whether that would still be OK in your view.

Ciao
Hannes

-----Original Message-----
From: Göran Selander <goran.selander@ericsson.com>
Sent: Donnerstag, 18. April 2019 17:08
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Owen Friel (ofriel) <ofriel@cisco.com>; Richard Barnes <rlb@ipv.sx>; Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Carsten Bormann <cabo@tzi.org>; secdispatch@ietf.org; Martin Thomson <mt@lowentropy.net>
Subject: Re: [Secdispatch] EDHOC Summary



On 2019-04-18, 16:55, "Hannes Tschofenig" <Hannes.Tschofenig@arm.com> wrote:

    Hi Goeran,

    > [GS] The context is this: OSCORE is deployed over a number of hops with different transports. The key exchange protocol must at least be able to travel the same path.

    This is now a different requirement than stated previously. We are making progress.

[GS] No, this is the requirement "the AKE should support the same transport as OSCORE". That does not exclude that the AKE supports other transport.

Göran


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email