Re: [Secdispatch] a proposed path forward on EDHOC/lightweight AKEs
Göran Selander <goran.selander@ericsson.com> Fri, 07 June 2019 08:52 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A57A712001A for <secdispatch@ietfa.amsl.com>; Fri, 7 Jun 2019 01:52:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.031
X-Spam-Level:
X-Spam-Status: No, score=-1.031 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LSRaj3faRSWp for <secdispatch@ietfa.amsl.com>; Fri, 7 Jun 2019 01:52:38 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150059.outbound.protection.outlook.com [40.107.15.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC4FA120099 for <secdispatch@ietf.org>; Fri, 7 Jun 2019 01:52:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r3ImGAG4SfvZNzc1DsGj7YDDFaF56dcr2V/RSvQyKxo=; b=bY9q34PnnvRGk1/m6a4+eogr52jJ8NAG/G6PyfoQtreuQheYcX4otm9V6lpgEX51edCmw46Jyf9FB3DRWtFcFqdO8CJZYFGCbKVVHAhuF1oxRQLztV0dV2erRSmgYVSzXk1v/csx/Ev+B3NXG3C9N/kEimLb0PyND2J7OuHFqjc=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.166.25) by HE1PR07MB4153.eurprd07.prod.outlook.com (20.176.166.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1965.12; Fri, 7 Jun 2019 08:52:35 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::8890:af24:bc53:9cb]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::8890:af24:bc53:9cb%7]) with mapi id 15.20.1965.011; Fri, 7 Jun 2019 08:52:34 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] a proposed path forward on EDHOC/lightweight AKEs
Thread-Index: AQHVGk1ytUkXXyarI0KNBUj9irgJuKaQCZ2A
Date: Fri, 07 Jun 2019 08:52:34 +0000
Message-ID: <05B1C8AB-0598-4CDB-A779-FF7D0E73AF77@ericsson.com>
References: <20190603204618.GD1902@prolepsis.kaduk.org>
In-Reply-To: <20190603204618.GD1902@prolepsis.kaduk.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.19.0.190512
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [213.89.213.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bdcfc7ab-1199-4148-6e11-08d6eb257c2b
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR07MB4153;
x-ms-traffictypediagnostic: HE1PR07MB4153:
x-ms-exchange-purlcount: 15
x-microsoft-antispam-prvs: <HE1PR07MB4153F71708897D8B733190CBF4100@HE1PR07MB4153.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0061C35778
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(39860400002)(396003)(136003)(346002)(376002)(199004)(189003)(53936002)(7736002)(256004)(6306002)(71200400001)(8936002)(83716004)(3846002)(6116002)(14444005)(2906002)(85202003)(476003)(2616005)(33656002)(66574012)(6486002)(6512007)(71190400001)(11346002)(486006)(229853002)(5660300002)(446003)(6436002)(81166006)(186003)(2171002)(305945005)(25786009)(66066001)(76116006)(110136005)(36756003)(68736007)(66446008)(66476007)(8676002)(64756008)(85182001)(82746002)(58126008)(81156014)(86362001)(2501003)(6246003)(6506007)(99286004)(966005)(478600001)(14454004)(102836004)(76176011)(561944003)(66556008)(26005)(66946007)(73956011)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4153; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: utaLoCn/K9y3FhrnvcoWIm9Ealqx0Ft2xrZxcUo5/XA1/iYfzvhEMD3bkeRb/khjKJbZ9fXW/iryzFena48tfj2ks/iym/NngQ/40foRj72jnFajzCAYD2L9Qbg4kf9cI0enNQFecPo1CTSMum2ovfeaX9iSHz8kQtcZQqPcu8xYpSsDCMo8doqDUJo6KkLMmgcGUTWHVuYwsyNlnzAahQ5Y9PSCZyQUvdC1T7EfEpTRDbYjEa26GyR8FRamIfcN6RGpmhGWzw6RCmkR+jPcf4ThDzTiF4JF+suzo2gyakmwQGOQpFs2xttfNOG13bbz9BoDQDCcU92a9mMglWkP3Lic/VqpqQ0D3t/YcJcPi+UvhnUEuAgaEHlRE65mcZgQsn0JkAWtvKnW/TthcSLGMF8pZg787QjW7cKM+vvsQAE=
Content-Type: text/plain; charset="utf-8"
Content-ID: <66A4D59C66DCA444953458CB00AAFF40@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bdcfc7ab-1199-4148-6e11-08d6eb257c2b
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jun 2019 08:52:34.7682 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: goran.selander@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4153
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/xJTkOA6zfU0TcQPMYevg8IBUSVk>
Subject: Re: [Secdispatch] a proposed path forward on EDHOC/lightweight AKEs
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2019 08:52:42 -0000
Hi Ben, Roman, I support the proposed approach with some comments on the draft charter: What is clear from the inputs to this discussion and from your summary, but not clear from the charter text, is that this work is long overdue. Adopted drafts have been stalled for over 2 years pending the adoption of an AKE for OSCORE. The draft charter text expresses well that this work targets a lightweight AKE for OSCORE through a narrowly focused activity, but it lacks the sense of urgency. Aggressive milestones could add such information, but milestones are known to have become delayed, in particular if there is no support in the charter for not doing so. I would like to have a formulation in the charter expressing the timing aspect and that the role of LAKE is not to design a new AKE for OSCORE but to decide on an AKE for OSCORE out of existing specified protocols (or profiles thereof which does not change the formal security properties). For the same reason, I believe this part needs to be rephrased: "The WG will also evaluate prior work from the TLS WG and derivatives thereof, and draft-selander-ace-cose-ecdhe." As I read "derivates thereof", any hitherto unseen proposal loosely coupled to prior work in the TLS WG - even with unknown security properties - is a valid input in scope of LAKE. Clearly, that could prolong the completion time significantly. Therefore, the scope of derivate work in the TLS WG that will be evaluated needs to be much more restricted, most appropriately by listing drafts like draft-rescorla-tls-ctls. If people were interested in making a key exchange protocol for OSCORE they have had the chance for many years. If there is not even a specification by now, I think the stakeholders - the users of OSCORE - agree that it does not fit the timeline for this work. Göran On 2019-06-03, 22:46, "Secdispatch on behalf of Benjamin Kaduk" <secdispatch-bounces@ietf.org on behalf of kaduk@mit.edu> wrote: Hello! In late March, we summarized our perception of the information and discussion that came out of the interim meeting [2], and solicited feedback on proposed next steps [1]. Our proposed next step at that time was to “charter a narrowly scoped, short-lived WG … with EDHOC as a starting point”. Since then, we received additional feedback, both on the summary and the approach, including: * Support for the proposed approach in the form of: - Numerous individuals (>15) supported the proposed approach - A WG consensus endorsement for the approach from the CORE WG [3] - A reminder that the 6TISCH WG has consensus to use EDHOC in two WG drafts [6] and that it has been discussed in the WG since IETF 97 [7] - Interest in EDHOC for LPWAN [8] and for use in the Intelligent Transportation Union (ITU) [9] - Publication of draft-selander-lake-reqs to clarify requirements * Challenges to the proposed approach in the form of: - An individual supporting the formation of a WG, but defining no starting body of work - Questions on whether the design constraints are sufficiently well understood to evaluate solutions [12] [13] – rejecting “as low as reasonably possible” [10] or “as cheap as possible” as requirements - Proposals to use a TLS derivative as an alternative to the EDHOC starting point - Publication of draft-rescorla-tls-ctls - Publication of experimental code designed to explore CTLS [11] - Spirited exchanges on the details, specificity and validity of lightweight AKE designs constraints, and real-world needs - Caution about the efficacy of narrow WGs [14] and the experiences of TCPINC [5] As a result of this feedback and related discussions, we continue to feel that there is support for the stance that developing a lightweight AKE (LAKE) is an important problem to solve. Furthermore, we also feel that there is energy and interest to work on a LAKE, and that a focused WG is the right structure to find a solution. Another key ingredient for success is a tight partnership with the WGs which have requirements for such a LAKE. In our assessment, at present, design constraints from these requirements holders do not appear to be sufficiently precise to allow the evaluation of alternative approaches. A focused WG should be able to tease apart the requirements from the various use cases into a form that is precise enough to evaluate alternative approaches. As a starting point, we would propose to charter a LAKE WG as follows: ==[ CHARTER ]== Problem Constrained environments using OSCORE in network environments such as NB-IoT, 6TiSCH, and LoRaWAN need a ‘lightweight’ authenticated key exchange (LAKE) that enables forward security. 'Lightweight' refers to: * resource consumption, measured by bytes on the wire, wall-clock time to complete, or power consumption * the amount of new code required on end systems which already have an OSCORE stack Goals This working group is intended to be a narrowly focused activity intended to produce only at most one LAKE and close. The working group will collaborate and coordinate with other IETF WGs such as ACE, CORE, 6TISCH, and LPWAN to understand and validate the requirements and solution. The WG will also evaluate prior work from the TLS WG and derivatives thereof, and draft-selander-ace-cose-ecdhe. Program of Work The deliverables of this WG are: 1. Design requirements of the LAKE in constrained environments (this draft will not be published as an RFC but will be used to driving WG consensus on the deliverable (2) 2. Standardize a lightweight authenticated key exchange (LAKE) for suitable for use in a documented class of constrained environments ==[ CHARTER ]== We seek your feedback on this proposed approach. Please share your comments by Tuesday, June 18. To keep momentum going on this topic we plan to request a BoF slot at IETF 105, though the agenda for such a slot will depend strongly on how the mailing list discussion proceeds. Regards, Ben and Roman References [1] https://mailarchive.ietf.org/arch/msg/secdispatch/Kz_6y6Jq4HsWxglsUHafWjXIm0c [2] https://mailarchive.ietf.org/arch/msg/secdispatch/9AfqrecZfFMlMGxSXOo4ENZtrVk [3] https://mailarchive.ietf.org/arch/msg/secdispatch/7UufjMgpCTifzoAmVeIDaT7bUuk [4] https://datatracker.ietf.org/doc/draft-selander-lake-reqs/ [5] https://mailarchive.ietf.org/arch/msg/secdispatch/G2zo1cyO3AOhbPuM2r5pqVNI5hI [6] https://mailarchive.ietf.org/arch/msg/secdispatch/nHQhxQ1v40HJ_8LuHvu3mC7b9Vg [7] https://mailarchive.ietf.org/arch/msg/secdispatch/E0M1msLAmkSACB6T6wcG5h28XXE [8] https://mailarchive.ietf.org/arch/msg/secdispatch/lMykdmZSoTFrHPuiU5F1EUlb7h8 [9] https://mailarchive.ietf.org/arch/msg/secdispatch/hihSp2ePB_kvl7Q8_tZ1DqMSRbI [10] https://mailarchive.ietf.org/arch/msg/secdispatch/oXgki50_RNS7LNwEgYqjJOkBxF8 [11] https://mailarchive.ietf.org/arch/msg/secdispatch/s_AH1H73gttLv9XDCBaqLynMJ64 [12] https://mailarchive.ietf.org/arch/msg/secdispatch/vi55JLn-4XVuSOFUC6j28xcmePo [13] https://mailarchive.ietf.org/arch/msg/secdispatch/oDmByIB_zRqZ316Vw6HyLyA_Jww [14] https://mailarchive.ietf.org/arch/msg/secdispatch/6vnv7ZTEHw1JAdldn7qQz17YxBw _______________________________________________ Secdispatch mailing list Secdispatch@ietf.org https://www.ietf.org/mailman/listinfo/secdispatch
- [Secdispatch] a proposed path forward on EDHOC/li… Benjamin Kaduk
- Re: [Secdispatch] a proposed path forward on EDHO… Michael Richardson
- Re: [Secdispatch] a proposed path forward on EDHO… Göran Selander