[Secdispatch] a proposed path forward on EDHOC/lightweight AKEs
Benjamin Kaduk <kaduk@mit.edu> Mon, 03 June 2019 20:46 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 392F712001A for <secdispatch@ietfa.amsl.com>; Mon, 3 Jun 2019 13:46:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s5mk8l3iu82E for <secdispatch@ietfa.amsl.com>; Mon, 3 Jun 2019 13:46:23 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E70212086E for <secdispatch@ietf.org>; Mon, 3 Jun 2019 13:46:23 -0700 (PDT)
Received: from prolepsis.kaduk.org (c-24-16-119-19.hsd1.wa.comcast.net [24.16.119.19]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x53KkIfF032714 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for <secdispatch@ietf.org>; Mon, 3 Jun 2019 16:46:21 -0400
Date: Mon, 03 Jun 2019 13:46:18 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: secdispatch@ietf.org
Message-ID: <20190603204618.GD1902@prolepsis.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/zug9SCdn6prNdKvwX-ys3ZIg84s>
Subject: [Secdispatch] a proposed path forward on EDHOC/lightweight AKEs
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jun 2019 20:46:30 -0000
Hello! In late March, we summarized our perception of the information and discussion that came out of the interim meeting [2], and solicited feedback on proposed next steps [1]. Our proposed next step at that time was to “charter a narrowly scoped, short-lived WG … with EDHOC as a starting point”. Since then, we received additional feedback, both on the summary and the approach, including: * Support for the proposed approach in the form of: - Numerous individuals (>15) supported the proposed approach - A WG consensus endorsement for the approach from the CORE WG [3] - A reminder that the 6TISCH WG has consensus to use EDHOC in two WG drafts [6] and that it has been discussed in the WG since IETF 97 [7] - Interest in EDHOC for LPWAN [8] and for use in the Intelligent Transportation Union (ITU) [9] - Publication of draft-selander-lake-reqs to clarify requirements * Challenges to the proposed approach in the form of: - An individual supporting the formation of a WG, but defining no starting body of work - Questions on whether the design constraints are sufficiently well understood to evaluate solutions [12] [13] – rejecting “as low as reasonably possible” [10] or “as cheap as possible” as requirements - Proposals to use a TLS derivative as an alternative to the EDHOC starting point - Publication of draft-rescorla-tls-ctls - Publication of experimental code designed to explore CTLS [11] - Spirited exchanges on the details, specificity and validity of lightweight AKE designs constraints, and real-world needs - Caution about the efficacy of narrow WGs [14] and the experiences of TCPINC [5] As a result of this feedback and related discussions, we continue to feel that there is support for the stance that developing a lightweight AKE (LAKE) is an important problem to solve. Furthermore, we also feel that there is energy and interest to work on a LAKE, and that a focused WG is the right structure to find a solution. Another key ingredient for success is a tight partnership with the WGs which have requirements for such a LAKE. In our assessment, at present, design constraints from these requirements holders do not appear to be sufficiently precise to allow the evaluation of alternative approaches. A focused WG should be able to tease apart the requirements from the various use cases into a form that is precise enough to evaluate alternative approaches. As a starting point, we would propose to charter a LAKE WG as follows: ==[ CHARTER ]== Problem Constrained environments using OSCORE in network environments such as NB-IoT, 6TiSCH, and LoRaWAN need a ‘lightweight’ authenticated key exchange (LAKE) that enables forward security. 'Lightweight' refers to: * resource consumption, measured by bytes on the wire, wall-clock time to complete, or power consumption * the amount of new code required on end systems which already have an OSCORE stack Goals This working group is intended to be a narrowly focused activity intended to produce only at most one LAKE and close. The working group will collaborate and coordinate with other IETF WGs such as ACE, CORE, 6TISCH, and LPWAN to understand and validate the requirements and solution. The WG will also evaluate prior work from the TLS WG and derivatives thereof, and draft-selander-ace-cose-ecdhe. Program of Work The deliverables of this WG are: 1. Design requirements of the LAKE in constrained environments (this draft will not be published as an RFC but will be used to driving WG consensus on the deliverable (2) 2. Standardize a lightweight authenticated key exchange (LAKE) for suitable for use in a documented class of constrained environments ==[ CHARTER ]== We seek your feedback on this proposed approach. Please share your comments by Tuesday, June 18. To keep momentum going on this topic we plan to request a BoF slot at IETF 105, though the agenda for such a slot will depend strongly on how the mailing list discussion proceeds. Regards, Ben and Roman References [1] https://mailarchive.ietf.org/arch/msg/secdispatch/Kz_6y6Jq4HsWxglsUHafWjXIm0c [2] https://mailarchive.ietf.org/arch/msg/secdispatch/9AfqrecZfFMlMGxSXOo4ENZtrVk [3] https://mailarchive.ietf.org/arch/msg/secdispatch/7UufjMgpCTifzoAmVeIDaT7bUuk [4] https://datatracker.ietf.org/doc/draft-selander-lake-reqs/ [5] https://mailarchive.ietf.org/arch/msg/secdispatch/G2zo1cyO3AOhbPuM2r5pqVNI5hI [6] https://mailarchive.ietf.org/arch/msg/secdispatch/nHQhxQ1v40HJ_8LuHvu3mC7b9Vg [7] https://mailarchive.ietf.org/arch/msg/secdispatch/E0M1msLAmkSACB6T6wcG5h28XXE [8] https://mailarchive.ietf.org/arch/msg/secdispatch/lMykdmZSoTFrHPuiU5F1EUlb7h8 [9] https://mailarchive.ietf.org/arch/msg/secdispatch/hihSp2ePB_kvl7Q8_tZ1DqMSRbI [10] https://mailarchive.ietf.org/arch/msg/secdispatch/oXgki50_RNS7LNwEgYqjJOkBxF8 [11] https://mailarchive.ietf.org/arch/msg/secdispatch/s_AH1H73gttLv9XDCBaqLynMJ64 [12] https://mailarchive.ietf.org/arch/msg/secdispatch/vi55JLn-4XVuSOFUC6j28xcmePo [13] https://mailarchive.ietf.org/arch/msg/secdispatch/oDmByIB_zRqZ316Vw6HyLyA_Jww [14] https://mailarchive.ietf.org/arch/msg/secdispatch/6vnv7ZTEHw1JAdldn7qQz17YxBw
- [Secdispatch] a proposed path forward on EDHOC/li… Benjamin Kaduk
- Re: [Secdispatch] a proposed path forward on EDHO… Michael Richardson
- Re: [Secdispatch] a proposed path forward on EDHO… Göran Selander