IETF Logo Mail Archive

Re: [Secdispatch] EDHOC Summary

Göran Selander <goran.selander@ericsson.com> Thu, 18 April 2019 07:47 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7CE9120094 for <secdispatch@ietfa.amsl.com>; Thu, 18 Apr 2019 00:47:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.023
X-Spam-Level:
X-Spam-Status: No, score=-1.023 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-x9TmQlKhbB for <secdispatch@ietfa.amsl.com>; Thu, 18 Apr 2019 00:47:22 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80042.outbound.protection.outlook.com [40.107.8.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3511120048 for <secdispatch@ietf.org>; Thu, 18 Apr 2019 00:47:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gIfdFR/+RKMwYyGTXwrWKYjKGxYnzUNOaTzW2CqmjDc=; b=Y0uEsC0ONHCKXi86NwyWAR3he5/FdarqpCPL1ctMXvRL6F+OWS1j8J5a6JDm8/1XUVJ7plnADNS1SEpCyPiVzfp3JlU25wazeiOYyvVZQ/r7z85QICGk912pS6cNLgSGT0yWdC4w9LL/Zxkc3WMo036Vxps7CYzkKM3bs2Cl7xg=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.166.25) by HE1SPR01MB13.eurprd07.prod.outlook.com (10.170.251.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.10; Thu, 18 Apr 2019 07:47:18 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::c587:c2ec:e227:84fd]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::c587:c2ec:e227:84fd%4]) with mapi id 15.20.1835.007; Thu, 18 Apr 2019 07:47:18 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Owen Friel (ofriel)" <ofriel@cisco.com>, Richard Barnes <rlb@ipv.sx>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: Carsten Bormann <cabo@tzi.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Martin Thomson <mt@lowentropy.net>
Thread-Topic: [Secdispatch] EDHOC Summary
Thread-Index: AQHU9bryBp4FMEo1v0OmeS0uE21muA==
Date: Thu, 18 Apr 2019 07:47:18 +0000
Message-ID: <8BCAAD78-74D7-414C-82B2-EFB98D711D1E@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.18.0.190414
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [213.89.213.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1332b7bd-193a-4d20-4b5c-08d6c3d21567
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600141)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1SPR01MB13;
x-ms-traffictypediagnostic: HE1SPR01MB13:
x-microsoft-antispam-prvs: <HE1SPR01MB13AFD79897E0671F44D89AF4260@HE1SPR01MB13.eurprd07.prod.outlook.com>
x-forefront-prvs: 0011612A55
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(366004)(376002)(396003)(346002)(39860400002)(199004)(189003)(40434004)(8936002)(2616005)(110136005)(54906003)(6436002)(6246003)(71200400001)(71190400001)(486006)(58126008)(83716004)(86362001)(316002)(66574012)(102836004)(6116002)(476003)(85202003)(26005)(3846002)(6506007)(25786009)(478600001)(53936002)(81166006)(81156014)(8676002)(6512007)(97736004)(4326008)(66066001)(2906002)(14454004)(36756003)(186003)(82746002)(5660300002)(68736007)(5024004)(85182001)(99286004)(7736002)(305945005)(14444005)(256004)(33656002)(229853002)(6486002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1SPR01MB13; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: xZaZ845f5LjCg2l+6FgUQUseiJl8yxm77qf6XvGzi3AsVlb+arX0C1i2XRpqO4z501IR3nZLWx4s57ThYhUwVePEiun9ygv2D4QHqheZoOqGXqmo3WaTlzAf3gjPd4Grh20L7qcqDviK9jKSq0BNyDCIizhkO3J5/7aNjCVNjCdQ70sgNNlx9Fgl86j70yKVxy2L7sXuKrNf1LVymV3UtEtWVZeDdTLluxXAhqeaKo+nQ5CzR3gbAKYinE+VK9RKk8c/4PHgOQBNTta5Bz5jNFIe8G9Yl0g+Ty+5nlQGVsi4WN5yVCgPFPcI1DId2XheThn+38U33K7i7DhHSy6btEF8aDVBFfIqTepZ0LWqKDQXC8qunb6Fh8Rme5PAqln/0zKQk5909a8IBRSzE4Z7iRUtn4fhRj/PRHBSlJDX6f0=
Content-Type: text/plain; charset="utf-8"
Content-ID: <2DCF198F7E51BD40BAE916DCE5211F73@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1332b7bd-193a-4d20-4b5c-08d6c3d21567
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Apr 2019 07:47:18.7772 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1SPR01MB13
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/bet0Qb3l078IzPrWulImECJjEmE>
Subject: Re: [Secdispatch] EDHOC Summary
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 07:47:24 -0000

Hi Hannes, 

On 2019-04-16, 09:26, "Secdispatch on behalf of Hannes Tschofenig" <secdispatch-bounces@ietf.org on behalf of Hannes.Tschofenig@arm.com> wrote:

    >     Richard Barnes <rlb@ipv.sx> wrote:
    >         > I'd like to push back on this point. It may be that EDHOC has been around for
    >         > a while and been well-socialized with the IoT crowd, but it is clearly
    >         > deficient in several other types of maturity, e.g., robustness of formal
    >         > analyses and state of implementations (AFAICT).
     
    I would like to point out that initially the work on EDHOC was intentionally not positioned as a TLS replacement (or even competitor). For years I was told that it is supposed to be used in addition to and on top of TLS. Fast forward a few years the story is very different now. 

[GS] The AKE for OSCORE clearly must support the same transport as OSCORE. From first individual submission to the approved version of OSCORE, the introduction section states that OSCORE may or may not be used over TLS/DTLS. (The approved version recommends the use of additional TLS for certain hops, but not over constrained networks.) OSCORE/AKE over TLS is similar to TLS over IPsec/IKEv2.

Göran


This type of positioning helps you to avoid dealing with a number of folks in the IETF (in this case with the TLS crowd) but it does not help in the long run.
     
    Ciao
    Hannes
     
    PS: FWIW this is not the first time this has happened. ANIMA wasn’t any different when the proponents claimed that IoT was out of scope.
    
    
    IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose,
     or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email