Re: [Secdispatch] FW: [secdir] EDHOC and Transports

Göran Selander <goran.selander@ericsson.com> Mon, 18 February 2019 17:02 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28DBE129A85 for <secdispatch@ietfa.amsl.com>; Mon, 18 Feb 2019 09:02:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.321
X-Spam-Level:
X-Spam-Status: No, score=-3.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=EZ3NWE3F; dkim=pass (1024-bit key) header.d=ericsson.com header.b=QfeLG357
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5yUOqmw3SQoL for <secdispatch@ietfa.amsl.com>; Mon, 18 Feb 2019 09:02:57 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF8FA129B88 for <secdispatch@ietf.org>; Mon, 18 Feb 2019 09:02:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1550509374; x=1553101374; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Oj9uxDHtZZzhJNmrXkvbAWQH9ZasdIEzNGqognAj+KE=; b=EZ3NWE3Fgz+8F0zBtus8FalOZ1qFqVLyc/8e7kQefFrGWOhYYjve8ZV1QF/wZW0k FwSKYNMPjRPEHAkEM3DLWgknNm5WjQsD6ua/DKNfNsCIw8yz/LCkVwKdDvyaBEYu 849xXMhiYVEvnadMP/XjYrnPPj6ccvrkRdShrF2htT0=;
X-AuditID: c1b4fb30-41b3a9e00000355c-d5-5c6ae53e9805
Received: from ESESBMB503.ericsson.se (Unknown_Domain [153.88.183.116]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id E9.B1.13660.E35EA6C5; Mon, 18 Feb 2019 18:02:54 +0100 (CET)
Received: from ESESBMR503.ericsson.se (153.88.183.135) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 18 Feb 2019 18:02:49 +0100
Received: from ESESBMB502.ericsson.se (153.88.183.169) by ESESBMR503.ericsson.se (153.88.183.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 18 Feb 2019 18:02:49 +0100
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB502.ericsson.se (153.88.183.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Mon, 18 Feb 2019 18:02:48 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Oj9uxDHtZZzhJNmrXkvbAWQH9ZasdIEzNGqognAj+KE=; b=QfeLG357LOZN5WSKR/ur9CDeJ934x1Jgn7pf2/7pA7uPEzDuMNPdQxm2j/Z8hszjHl5Q1wjVjgKFCpwSda6gG7Q9B704rG+qJJ8PtxVP5uCX0kMtcmNbmhwOJQZOH+woZPbONBaKUP0WzB67nX9hD4TSmfGl/rwCDgi/JXt1rT4=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.166.25) by HE1PR07MB0956.eurprd07.prod.outlook.com (10.162.27.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.11; Mon, 18 Feb 2019 17:02:47 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::68c4:9b7b:a2ad:8b5a]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::68c4:9b7b:a2ad:8b5a%3]) with mapi id 15.20.1643.012; Mon, 18 Feb 2019 17:02:47 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Richard Barnes <rlb@ipv.sx>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Secdispatch] FW: [secdir] EDHOC and Transports
Thread-Index: AQHUthCDhebyfOSbN02uG8xy8Azf6aXfi4+AgAFqk4CAADIRgIAE0/kA
Date: Mon, 18 Feb 2019 17:02:47 +0000
Message-ID: <B9BFFBF0-7686-4887-AD84-46B2A182B31B@ericsson.com>
References: <4FA72889-F601-4255-962E-9A13E932EE21@ericsson.com> <CAL02cgTM93+ij+ottP_xR+OTvdj3S+pCKNOAAjEsj8Srt7EeYA@mail.gmail.com> <998ABFEF-7E5B-4B91-80DB-20ED43DE9A5C@ericsson.com> <CAL02cgQFyB4YOMr=hDdTVQ6Vc8LFo+RxVB9JA2EucdRK8_-wbA@mail.gmail.com>
In-Reply-To: <CAL02cgQFyB4YOMr=hDdTVQ6Vc8LFo+RxVB9JA2EucdRK8_-wbA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.15.0.190117
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [192.176.1.95]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a5f84e87-aa17-46a3-73ba-08d695c2e873
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:HE1PR07MB0956;
x-ms-traffictypediagnostic: HE1PR07MB0956:
x-microsoft-exchange-diagnostics: 1;HE1PR07MB0956;23:J4iPsMmha8VVORghUiL3xVZ7PCLRY0bXzu3anLM5rz7AmWGvSUTeLNjpDyx7Y3UViHDcTtiHuPwfOb5stOKhW9LdVw2hcLX2OzOtucRL7b7GCbyx5KsYYm019RerJt8S7ezC9ebXiC4DcmLbQyz+lOCDEc/Dw9KCgz8oHkNf/SpnTD4S3+iy05vtRfOPMIBMAwLLB0qXZ3e0G3VfANyBxM2ZbnEktgxtjcGMR4MHPNs/wsZXFbqlM4TctHa6NjgUF+BeH0BBo+T1XuuhKYqQizX6SYxNBsI7eblOU/bCp0WLYQ1fa3ZGg/jxWhKNOXOUCvvKViHJViwpkhYuO5s1Nqro6pa5yNOOF5d2xFH+gcGh8n77VBHi+s1LRqQk6S82kmEsIa0aC65IRG9ZuOYznuHjF+VAL8TrfAsFfSkZXoCpqwGHjjH6dLMhQ/Nu3FOSp7/skSakXKxBsYS1zvjGGtTPyQN84Q4VNkwg2goaKTJJcW4FpRdAYQNzbw4sNvqtYFi2A10pwR4qcGutVYZuluuh820sIoK1dTk1VX8cJOjjdxAKjbnR+kgpiYnH4Gn2PoyBuIX/IDiINoDy0D8FFFaNpyBpIiKzFCmdaWy8NmCpT6QcsR7njF1AP4mA14saKhjcMBCAYK/kMaMbtFdWeoKXN9jw3U/bzsSaX+JecTcKknuF9B5ylXhQujvIRXjadys4XypAcJNH4rRGUgw369EjH/XJIsv0/ObaSq7vLsQyjUUM4nBieV22KuJmjqee1n6fvGbNUg66N0dNevEy1LfN1NkG98NU+Cdhv9QqTFR/EGRigSZXH0TNII8F//hU3DxMxiv9u43VobUvqplcyfrYpyMJfIgYQqeYygCVc7pzbjLv04otCj1i6lonYlrb/bCMsX6WEoBRwruwxOsZ+Z6x6Zt/4RV0RbKFmiOUq4AXZjgEuCZAaQh3smCm7SfEILiAPG3nlg6uoUC9y04F7PTn3WeN/VCRfs8diliQ7bQR0uC3bz7HFRUYszqOAFzZdAA8t2vMfZ7rcXuyOg/9YiXdjLAhrhOUqq4NwpjOTPG3nw7GAxsd4y1cWx4I/OJxMPct79cc38s1XsDTH2jMC5kxzqigfOmVD+dOYrzPUVKov6AudIlHScl3pL0A1x1wy9GrK1K2esy8FMQkqSPmkl08wtcehtUnXcvmI2/KZs1ugy1dkFRhDPS92E0zfksZwaSSe+uORZA4T6vkmmvmNZifUSW9FOqDgBLVtTlS2nTZbDoaMiwK08/ra/roJa5k4O/VfsT6gzn7GvPMJ4sqRVmqYEwPMPWhxvL7OaT6zMpUGnErA8NJAO+JEo+R3nSe68jF9Ry+I+zfcBVY73NXi1vyo+tjPh2nKvwhUIzwXWpn76VRoEIwU8IVyAunzsmYuxmI9HoBABKStVTuXa+ETg==
x-microsoft-antispam-prvs: <HE1PR07MB0956F836955099786E5D4979F4630@HE1PR07MB0956.eurprd07.prod.outlook.com>
x-forefront-prvs: 09525C61DB
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(396003)(39860400002)(376002)(366004)(136003)(199004)(189003)(6116002)(102836004)(3846002)(76176011)(6486002)(186003)(71190400001)(83716004)(71200400001)(8936002)(26005)(99286004)(6436002)(36756003)(229853002)(6246003)(316002)(97736004)(93886005)(53546011)(53936002)(68736007)(14454004)(85182001)(86362001)(14444005)(256004)(33656002)(6506007)(66066001)(4326008)(54906003)(25786009)(7736002)(81156014)(81166006)(8676002)(6512007)(106356001)(85202003)(105586002)(54896002)(486006)(5660300002)(478600001)(446003)(82746002)(6306002)(2616005)(58126008)(476003)(236005)(11346002)(66574012)(6916009)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB0956; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Fn/z2fkPlcimtwgGLiMnyFtAGDfkzjYxXLU3wSeGDk0Kden6xJ6wgRz4jt5MWLVJN0VR2edgwGWpcvwef184jRKWzS12ywVD2KUbynar0uauzlkM7EcWzgSqd4EcIZUIRVxQdMxrXRMpfCwfSg+6RGbTLLTkalSE7I0iGgkzprvQzFoiDquuJh7mD3co1cbQ6t+sHKU10Y1h13Mtpmd4abesCeFscizOKTol3hiiosfFmJF5svijwtcI9lEVy1jI+BOdAQL5WJkyjny3e63lqN7iyf2b8b9N1UNe9poEhSB/HzRIkI9tl7/4yuB/9UqXiH7mYiyUi0kX5pTYO6tUqHGzu1trkV3dLwb0oHOaIeNy/eY4+JK4riSH9WgmxOwg1f1HIEP4UaD7STG2UNZRwc7rUtnaixvNmQWkl5BPLFo=
Content-Type: multipart/alternative; boundary="_000_B9BFFBF076864887AD8446B2A182B31Bericssoncom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a5f84e87-aa17-46a3-73ba-08d695c2e873
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Feb 2019 17:02:47.4157 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB0956
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Se0hTYRjG+c45m8fR6nNqvlhWDgoVciqJQs4UQvzH0oKyGNnSk7e5yY5K CoWZlpdS01QclpmCJuZdNC+QIwyTtJR0qXjPsoukxtYwsrmzwv9+z/c+z3uBjyZFz3mOdKwy iVEr5QoxX0CVh3cmHfX/GCfzyO/Z7WvQ3yV9S/Klvg3jE7wAMrimxkgEF7doqFDiosAvilHE pjBqif9lQUzHYqZVYrfq2tY4Px11KnKRNQ34GNRXrRG5SECL8EsEo+29FCf0CIzT93n/xerA MuJEDQE6wyy5LShcSEJVX6slU0TA7MgkyYkFBKXTY7ztMXx8EubSF4httsMHYWhizvxO4jMw mzlDbrMt9oPSgkUrziOF+Y03iOMgqGuZNDOFD0Pb3A8zC/EJ+Kxrswy7RcCvqXpzU2scBhtT GeamCO8Fw+sGghvmAJNLlQR3N4aa3hGSY3tYWfxjztpjCWzWDlFc9hJkNKbzOc8hyHnxzZJ1 gtHKPNMStIlDYHnKvAPgDwj6lt5b/G6Qn/uM4gqPbKFn+q1lWDxkl32xhPdD17pPIXLX7FiP 40iYMf4kNeY7bWCwfInSmBIkdoWmbglncYYHefNWHLtAVsVDCwdD8Wo/f6fnMaLrkT3LsFcS or283Bl1bCTLqpTuSiapFZk+VH/7pkcXWvkUqEWYRuJdwuHxOJmIJ09hUxO0CGhSbCcc0Jme hFHy1DRGrYpQJysYVov20ZTYQfhbZCMT4Wh5EhPPMImM+l+VoK0d05FrcZ3gdliTtowvHYma 2arPHujkrTglK3RHqnq/W0l8AlW4lT2tTXYbcB58dar/3h1D1o2GAEnIuvRJ7WjOnpU2vuz4 +bihs1c7XMSrY0VPjesVednvJi5oAkSlnhFpZdU3CyZ8orIOlDR7V8/rvbutg/TXNaFfzzUO r+U1b7SEiyk2Ru7pRqpZ+V/n1d7wTAMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/lcxVTPTOuDFhbmIX-f-N9Zs67Ag>
Subject: Re: [Secdispatch] FW: [secdir] EDHOC and Transports
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2019 17:02:59 -0000

Hi Richard,

From: Richard Barnes <rlb@ipv.sx>
Date: Friday, 15 February 2019 at 17:19
To: Göran Selander <goran.selander@ericsson.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Secdispatch] FW: [secdir] EDHOC and Transports



On Fri, Feb 15, 2019 at 7:13 AM Göran Selander <goran.selander@ericsson.com<mailto:goran.selander@ericsson.com>> wrote:
Hi Richard,

Thanks, that is a fair question to ask on behalf of those who are new to the subject.

The short answer is: Yes, we have counted every byte of the TLS handshake and, no, we don’t think it is possible to support the same radio technologies as EDHOC do, unless you change some assumption which impacts the security analysis of TLS.

This is the part that worries me.  It would be helpful to be very crisp about what assumptions are being changed here, and why it's OK for them to be changed.  Especially given that the Bruni et al. paper seems to have found flaws. Your point about CBOR isn't relevant here.  Re-encoding is fine; it's changing the AKE that necessitates a whole bunch of new analysis.

Perhaps I was unclear: We are not proposing any changes to (D)TLS 1.3. We believe that making (D)TLS 1.3 AKE fit into small frames requires changing some assumption of the protocol which, as you say, would necessitate a new analysis of TLS. The point about reencoding is about inefficiency or incompatibility, which are both relevant for the overall discussion, but not about security.

The paper you mention analyzed version -08 of EDHOC and, essentially, the expected security properties hold. All comments from this analysis are addressed in the updated version of the protocol. Section 4 of the paper describes the security properties. Their main concern was related to the application data sent by party V in message #2 (APP_2 in -08) being encrypted, which may mislead application developers that it is protected for the intended party U, but party U is not authenticated at the time of sending message #2. Later versions of the draft emphasize how to handle data which is not protected (see Section 8.4 in -11) and the APP_2 message field is renamed UAD_2 (Unprotected Application Data).

Finally, to be totally honest, I find the EDHOC spec pretty inscrutable.  A little more prose to explain what's going on would go a long way toward helping this discussion be productive.

What part of the draft did you find difficult to understand?

Göran