Re: [Secdispatch] DTLS - EDHOC ≈ DTLS

John Mattsson <john.mattsson@ericsson.com> Mon, 04 March 2019 01:27 UTC


Jim Schaad <ietf@augustcellars.com> wrote:

>Richard,
>
>You incorrectly translated the EDHOC protocol below.

To help you and others, Appendix B of draft-selander-ace-cose-ecdhe-12 gives very concrete listings of EDHOC messages in CBOR diagnostic notation:

https://tools.ietf.org/html/draft-selander-ace-cose-ecdhe-12#page-39

By copy-pasting and replacing ( ) with [ ], the examples can be used in the CBOR playground at cbor.me (note that this adds an extra byte to encode the array).

And to clarify, the only estimates done in the EDHOC numbers are the length of the identifiers. The given numbers are the exact numbers of bytes you get when you use EDHOC with 4 byte key identifiers and 1 byte connection identifiers.

A suggested encoding change for identifiers may lead to slightly smaller numbers for RPK in version 13.

But, as stated earlier by Hannes, nodes and networks can be constrained in many different ways and are in fact often constrained in multiple ways. One of the main design goals of EDHOC was code complexity; by reusing CBOR, COSE, and CoAP we saw that it would be possible to do end-to-end security on the application layer with very low additional code footprint. The message size comparison was an action point from an earlier IETF discussion and is a very concrete way to illustrate the difference between EDHOC and (D)TLS.

Another important aspect is that COSE is a very good fit for IoT. COSE already supports many more algorithms, parameters, and labels optimized for constrained IoT than TLS does. As COSE has constrained IoT as the main use case, I expect this to continue being the case.

Cheers,
John
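As an added example (not part of the mail or of the EDHOC draft), the minimal CBOR encoder below shows where the "extra byte" comes from when the draft's ( ) sequences are turned into [ ] arrays for cbor.me. The message items are constructed sample values (a 32-byte ephemeral key, a 1-byte connection identifier, a 4-byte key identifier), not EDHOC's actual message layout; it also goes one step beyond the mail by showing that the array overhead becomes two bytes once a message has more than 23 items.

```python
# Minimal CBOR encoder (RFC 7049 major types 0-4) used to measure the cost of
# wrapping a CBOR sequence in an array. Added example; item values are constructed.


def _head(major: int, arg: int) -> bytes:
    """Initial byte(s): 3-bit major type plus the argument (RFC 7049 section 2)."""
    if arg < 24:
        return bytes([(major << 5) | arg])
    for ai, width in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if arg < 1 << (8 * width):
            return bytes([(major << 5) | ai]) + arg.to_bytes(width, "big")
    raise ValueError("argument too large for CBOR")


def encode(item) -> bytes:
    """Encode int, bytes, str or list, the data types EDHOC messages are built from."""
    if isinstance(item, int):
        return _head(0, item) if item >= 0 else _head(1, -1 - item)
    if isinstance(item, bytes):
        return _head(2, len(item)) + item
    if isinstance(item, str):
        enc = item.encode("utf-8")
        return _head(3, len(enc)) + enc
    if isinstance(item, list):
        return _head(4, len(item)) + b"".join(encode(i) for i in item)
    raise TypeError(f"unsupported type {type(item).__name__}")


def encode_sequence(items) -> bytes:
    """CBOR sequence: items concatenated with no enclosing array, which is how the
    draft's ( ... ) diagnostic notation is sent on the wire."""
    return b"".join(encode(i) for i in items)


def encode_array(items) -> bytes:
    """Same items with ( ) replaced by [ ], i.e. what cbor.me parses."""
    return encode(list(items))


def array_overhead(items) -> int:
    """Bytes added by the array header: 1 for up to 23 items, 2 for 24..255 items."""
    return len(encode_array(items)) - len(encode_sequence(items))


# Constructed sample message: small int, 32-byte key, 1-byte connection id, 4-byte kid.
SAMPLE = [1, bytes(range(32)), b"\x01", b"\xde\xad\xbe\xef"]

if __name__ == "__main__":
    print(len(encode_sequence(SAMPLE)), len(encode_array(SAMPLE)), array_overhead(SAMPLE))
```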