Re: [Secdispatch] EDHOC Summary

Göran Selander <goran.selander@ericsson.com> Thu, 18 April 2019 12:12 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Owen Friel (ofriel)" <ofriel@cisco.com>, Richard Barnes <rlb@ipv.sx>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: Carsten Bormann <cabo@tzi.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Martin Thomson <mt@lowentropy.net>
Date: Thu, 18 Apr 2019 12:11:31 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/a5VYv-pasOdfP1q8IsAgnHaF4TI>

Hi Hannes,

On 2019-04-18, 13:01, "Hannes Tschofenig" <Hannes.Tschofenig@arm.com> wrote:

    Hi Goeran,
    
     [GS] The AKE for OSCORE clearly must support the same transport as OSCORE.
    
    No, it doesn't.

[GS] Strike "clearly"; this is a requirement coming from use cases implementing OSCORE and in need of an AKE.
    
    > From the first individual submission to the approved version of OSCORE, the introduction section states that OSCORE may or may not be used over TLS/DTLS.
    > (The approved version recommends the use of additional TLS for certain hops, but not over constrained networks.)
    You see what I am talking about...

[GS] No. 

    > OSCORE/AKE over TLS is similar to TLS over IPsec/IKEv2.
    You know that nobody uses IPsec / IKEv2 in an IoT context (even though some of your co-workers even argued for it some time ago).
    
[GS] The analogy I wanted to make is that security protocols may be applied at multiple layers on a particular leg of a communication path.
This has nothing to do with IoT context.

Göran