Re: [Secdispatch] EDHOC Summary
Göran Selander <goran.selander@ericsson.com> Thu, 18 April 2019 12:55 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD1D112030B for <secdispatch@ietfa.amsl.com>; Thu, 18 Apr 2019 05:55:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.023
X-Spam-Level:
X-Spam-Status: No, score=-1.023 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RmI3dM3mnsKi for <secdispatch@ietfa.amsl.com>; Thu, 18 Apr 2019 05:55:15 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130072.outbound.protection.outlook.com [40.107.13.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DB5112030D for <secdispatch@ietf.org>; Thu, 18 Apr 2019 05:55:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9AzAMmPgkHzmDU3zqeiVbEsGxv4HX5j+w5AWOf7ra5A=; b=MV3Wv23WI1n+1jNuPTeOD2BiTh2ArKEfP0kfiOlygxA7TbxsOm6em60bO9U2AZWWSG390apBItVtmH/VBOOyVW6EP4qHVKZbbvaGOldW9k6E0cQxjREvNyOuQpR8fEhRZNnqpVub2JGlxW/dj/cMz+0GUYjM0rFzwXhr6zHOdEE=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.166.25) by HE1PR07MB3100.eurprd07.prod.outlook.com (10.170.245.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1835.6; Thu, 18 Apr 2019 12:55:11 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::c587:c2ec:e227:84fd]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::c587:c2ec:e227:84fd%4]) with mapi id 15.20.1835.007; Thu, 18 Apr 2019 12:55:11 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Owen Friel (ofriel)" <ofriel@cisco.com>, Richard Barnes <rlb@ipv.sx>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: Carsten Bormann <cabo@tzi.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Martin Thomson <mt@lowentropy.net>
Thread-Topic: [Secdispatch] EDHOC Summary
Thread-Index: AQHU9bryBp4FMEo1v0OmeS0uE21muKZBv2TQgAA2YwD//97IsIAALWsA
Date: Thu, 18 Apr 2019 12:55:11 +0000
Message-ID: <0EE8E3B3-DCEE-4B23-8669-15F7080F73AF@ericsson.com>
References: <8BCAAD78-74D7-414C-82B2-EFB98D711D1E@ericsson.com> <AM6PR08MB36860F9597EBB248142E357EFA260@AM6PR08MB3686.eurprd08.prod.outlook.com> <2C9EADDC-2221-4321-9DE1-688DD7F97D34@ericsson.com> <AM6PR08MB3686F22C994D48D399033701FA260@AM6PR08MB3686.eurprd08.prod.outlook.com>
In-Reply-To: <AM6PR08MB3686F22C994D48D399033701FA260@AM6PR08MB3686.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.18.0.190414
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [213.89.213.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7047d356-9078-450d-6ecf-08d6c3fd17c1
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR07MB3100;
x-ms-traffictypediagnostic: HE1PR07MB3100:
x-microsoft-antispam-prvs: <HE1PR07MB3100CFDBC35890DDB9923E5DF4260@HE1PR07MB3100.eurprd07.prod.outlook.com>
x-forefront-prvs: 0011612A55
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(396003)(39860400002)(366004)(376002)(199004)(189003)(446003)(66066001)(229853002)(14454004)(26005)(186003)(8936002)(97736004)(478600001)(256004)(7736002)(14444005)(2616005)(6486002)(33656002)(99286004)(4326008)(93886005)(53936002)(11346002)(68736007)(5660300002)(85202003)(102836004)(66574012)(316002)(6436002)(6116002)(36756003)(76176011)(54906003)(110136005)(86362001)(85182001)(486006)(58126008)(81166006)(8676002)(81156014)(71200400001)(305945005)(2906002)(71190400001)(6246003)(476003)(3846002)(82746002)(6512007)(25786009)(6506007)(83716004); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3100; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: IIISckNkY/dY8gDLdPFYlxzxvYSqmcu0t/WypXTtquEWHsqpz4ISGCqHY9XnRy39ta0RzcTXLU6irlvodYWHylQ7euj1xttgkEqQ8M7Z1gSo60Ikm1Bu8ei6p8l/UK2vT+DCK7lLnij5es/MRogXdx8JVC+njmhjxteAW1WzmamrA+v8XULs0ZaAAMTzeX/97aBegmeFmfertWBa9LCfYUe9PwmF/UQ1aq/VgYAcAKoXJcxmKZDOP3xFYRX+zIvNSdvy62E/4FStc1Cu4g3zTdU+k4dLqfftSWak7LMTY4MZiTFotgQY8y42+1BocOOLA+2Oet7iG3Ri2U4qmpayCpz63l1Nw7/q1Z8PfXMcHNcNlAQk0X6zFlJj6XxVMse6MGyO9f4cr45GHxNMS8y2+B2kT8iwZgXiTbyIIp2FWuI=
Content-Type: text/plain; charset="utf-8"
Content-ID: <50CFDAB4696EB14EBB733CE30AFD55B1@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7047d356-9078-450d-6ecf-08d6c3fd17c1
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Apr 2019 12:55:11.1268 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3100
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/_a5M8FbURz9wToSe-ZzhqrrnbBI>
Subject: Re: [Secdispatch] EDHOC Summary
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 12:55:18 -0000
Hi Hannes, On 2019-04-18, 14:21, "Secdispatch on behalf of Hannes Tschofenig" <secdispatch-bounces@ietf.org on behalf of Hannes.Tschofenig@arm.com> wrote: [GS] The AKE for OSCORE clearly must support the same transport as OSCORE. No, it doesn't. [GS] Strike "clearly", this is a requirement coming from use cases implementing OSCORE and in need for an AKE. [Hannes] I don't see where this requirement comes from. From the DTLS/TLS experience I have seen several solutions in the IETF where the handshake was separate from the protection of the data. It wasn't a problem there... I actually see advantages if we untangle it from the transport because we keep inventing new transports. FWIW I see QUIC as a new transport as well and one that has not been explored enough in the IoT space. [GS] The context is this: OSCORE is deployed over a number of hops with different transports. The key exchange protocol must at least be able to travel the same path. > From first individual submission to the approved version of OSCORE, the introduction section states that OSCORE may or may not be used over TLS/DTLS. > (The approved version recommends the use of additional TLS for certain hops, but not over constrained networks.) You see what I am talking about... [GS] No. [Hannes] First you say "it may be used over TLS/DTLS" even in the draft. Later, you add that it shouldn't be done over constrained networks. [GS] I don't understand how you got from "it may be used over TLS/DTLS" which has been stated in the draft since day 0 to "it must be used with TLS/DTLS" which never has been stated in the draft. The draft does not state "it must/should not be used with TLS/DTLS" -- you may deploy OSCORE and TLS/DTLS in tandem if you like. I am sure I can dig out meeting meetings where you deny that OSCORE/EDHOC are in any competition to TLS/DTLS. [GS] Be my guest. > OSCORE/AKE over TLS is similar to TLS over IPsec/IKEv2. You know that nobody uses IPsec / IKEv2 in an IoT context (even though some of your co-workers even argued for it some time ago). [GS] The analogy I wanted to make is that security protocols may be applied at multiple layers on a particular leg of a communication path. This has nothing to do with IoT context. [Hannes] But it was a good example because back then I was also the only one voicing concerns about the large number of security options we provide in the IoT space. It seems that you agree with me in the meanwhile. More options does not necessarily lead to better interoperability. [GS] I did not make any statement about the use of IPsec for IoT. I just wanted to explain the analogy. Göran
- [Secdispatch] EDHOC Summary Roman Danyliw
- Re: [Secdispatch] EDHOC Summary Jim Schaad
- Re: [Secdispatch] EDHOC Summary Michael Richardson
- Re: [Secdispatch] EDHOC Summary Alexey Melnikov
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Jim Schaad
- Re: [Secdispatch] EDHOC Summary Salz, Rich
- Re: [Secdispatch] EDHOC Summary John Mattsson
- Re: [Secdispatch] EDHOC Summary Kathleen Moriarty
- Re: [Secdispatch] EDHOC Summary Michael Richardson
- Re: [Secdispatch] EDHOC Summary Antonio Skarmeta
- Re: [Secdispatch] EDHOC Summary sandoche Balakrichenan
- Re: [Secdispatch] EDHOC Summary Benjamin Kaduk
- Re: [Secdispatch] EDHOC Summary DAN GARCIA CARRILLO
- Re: [Secdispatch] EDHOC Summary Stephen Farrell
- Re: [Secdispatch] EDHOC Summary Kathleen Moriarty
- Re: [Secdispatch] EDHOC Summary Carsten Bormann
- Re: [Secdispatch] EDHOC Summary Jesús Sánchez-Gómez
- Re: [Secdispatch] [core] EDHOC Summary Jari Arkko
- Re: [Secdispatch] [core] EDHOC Summary Pascal Thubert (pthubert)
- Re: [Secdispatch] [core] EDHOC Summary Laurent Toutain
- Re: [Secdispatch] [lp-wan] [core] EDHOC Summary ana minaburo
- Re: [Secdispatch] [lp-wan] [core] EDHOC Summary Renzo Navas
- Re: [Secdispatch] EDHOC Summary Roman Danyliw
- [Secdispatch] EDHOC Summary Blomqvist, Peter
- Re: [Secdispatch] EDHOC Summary Shahid Raza
- Re: [Secdispatch] EDHOC Summary Martin Thomson
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary John Mattsson
- Re: [Secdispatch] EDHOC Summary Christopher Wood
- Re: [Secdispatch] EDHOC Summary Martin Thomson
- Re: [Secdispatch] EDHOC Summary John Mattsson
- Re: [Secdispatch] EDHOC Summary Carsten Bormann
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Eric Rescorla
- Re: [Secdispatch] EDHOC Summary Richard Barnes
- Re: [Secdispatch] EDHOC Summary Eric Rescorla
- Re: [Secdispatch] EDHOC Summary Richard Barnes
- Re: [Secdispatch] EDHOC Summary Michael Richardson
- Re: [Secdispatch] EDHOC Summary Richard Barnes
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Tero Kivinen
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Tero Kivinen
- Re: [Secdispatch] EDHOC Summary Carsten Bormann
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Jim Schaad
- Re: [Secdispatch] EDHOC Summary Owen Friel (ofriel)
- Re: [Secdispatch] EDHOC Summary Hannes Tschofenig
- Re: [Secdispatch] EDHOC Summary Hannes Tschofenig
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Hannes Tschofenig
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Hannes Tschofenig
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Hannes Tschofenig
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Hannes Tschofenig
- Re: [Secdispatch] EDHOC Summary Göran Selander
- Re: [Secdispatch] EDHOC Summary Hannes Tschofenig
- Re: [Secdispatch] EDHOC Summary Benjamin Kaduk
- Re: [Secdispatch] EDHOC Summary Benjamin Kaduk
- Re: [Secdispatch] EDHOC Summary Benjamin Kaduk