Re: [Secdispatch] EDHOC Summary

"Owen Friel (ofriel)" <ofriel@cisco.com> Mon, 15 April 2019 20:48 UTC

From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: Göran Selander <goran.selander@ericsson.com>, Richard Barnes <rlb@ipv.sx>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: Carsten Bormann <cabo@tzi.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Martin Thomson <mt@lowentropy.net>
Date: Mon, 15 Apr 2019 20:47:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/wqobJ9vsSBB2IU4xaln884y6mLM>

It seems as if a path forward is a new LAKE WG, not a specific EDHOC WG. It's pretty unanimous and uncontroversial that a lightweight AKE is needed for constrained networks. EDHOC and cTLS are two candidate LAKEs, but neither is a predetermined starting point, let alone winner, yet.

On 12/04/2019 00:08, Göran Selander wrote:
> Hi Richard,
>
> On 2019-04-11, 21:21, "Richard Barnes" <rlb@ipv.sx> wrote:
>
>     On Thu, Apr 11, 2019 at 3:15 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>
>     Richard Barnes <rlb@ipv.sx> wrote:
>         > I'd like to push back on this point. It may be that EDHOC has been around for
>         > a while and been well-socialized with the IoT crowd, but it is clearly
>         > deficient in several other types of maturity, e.g., robustness of formal
>         > analyses and state of implementations (AFAICT).
>
>     I want to be sure that I understand you.
>
>     Is it your opinion that the IETF can not form a WG until after a protocol has
>     had formal analysis?  How many analyses?  How many years?  Which publications?
>
>
>     I didn't mean anything w.r.t. the formation of a WG.  Carsten's implication seemed to be that an EDHOC WG could deliver more quickly than, e.g., one using TLS as a starting point.  That's the point I was pushing back on -- I hope we agree that delivering a final security protocol should be gated on robust analysis and multiple implementations.
>
> [GS] As I mentioned in my recent reply, given the changes you make to TLS to make message sizes on par with EDHOC, it is a new protocol so the statement about relying on the analysis of TLS is questionable. Comparing implementations there are clearly more of TLS, but, again, this is a new protocol.
>
> Göran
>
>
>
>     --Richard