Re: [Sframe] Key ratchting
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Thu, 06 October 2022 13:54 UTC
Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BDDAC152567 for <sframe@ietfa.amsl.com>; Thu, 6 Oct 2022 06:54:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VEut3jEbkfQU for <sframe@ietfa.amsl.com>; Thu, 6 Oct 2022 06:54:59 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 240B0C152564 for <sframe@ietf.org>; Thu, 6 Oct 2022 06:54:59 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id qw20so4111533ejc.8 for <sframe@ietf.org>; Thu, 06 Oct 2022 06:54:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+GuO9zGe4pTJs4SwrlEiD9tirhme+x9Nu1X2BNp2W+0=; b=T9xreRALjS1+E26hWSy0TgpzGycJuSUzdbikw/+cmtLWMkSfo0DluzzVDk3Z4KzG63 AWb3V25TdJsHTqMkn1Eqjb4LaSppklFyf8ZUKFzDFzD2X2dusrPUzb/lILy653rqBcd/ AzezqGjq7JRg+I3SSDyyE2/qkMyWjTDK3Ar9Zl2x7JqKn3QOd0ePb6fDGXOqTXf8HGjY 0yUuALLmM+XMVxux0ipX+fAbsIIF7vlvrmRHr3aTBflV3kLH35Qc3v/+H5G2+jOz+zin 8dG2J8Ie3WHYASIUqOlBkwwTbQ580urY7/UjRf9I7uzUmqLApEfH19k/RM0o42BZQraD GbiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+GuO9zGe4pTJs4SwrlEiD9tirhme+x9Nu1X2BNp2W+0=; b=LWy7xz8Nn0J1sHQ7ncSL8paEtFNjiwIu+KyR4vZvpDUOcCXMFE5xk+IBa5SPk5aJky jREAgC3MsAkxscXRK9cp/uxYHLewt3kCQQlrTWVrQkqte+Yd4klGjnD2DObHWZaGXqxZ McJXAJr0xLrTk54xw7qV3QW2G/eWPiFMLKJm4DUQHkhsYcJRXvbidsqfLR3p4PAcIL9r nQAVs4yqqx+tnzFNaeWxN+zlImv5yHE2Cwjj0aS6BbVK/JqLPXwhGgFVq68aU0JNR364 Zhf/t4dwTC+AnClfI9MyHH7LmDLy1iLellmbZjWWgsC4mqipQWlr2Mg6BUSZF7/71Wc2 3EuA==
X-Gm-Message-State: ACrzQf3rR/WEZcS3bJgqsCs9odc1BOy4oKstYCACQK1DI4o7xiIO8kiD s7n/VsWQuPESoPXavqhURKwCx2ESguEoa5fYpD0=
X-Google-Smtp-Source: AMsMyM5/N7B+CwbggE0n3JNSqnQregEb5Mi0w++j8ZDQqlomzE9tcp3jIkNPmX20MJAbjlDAyno1V/SqPF2YZPFumgM=
X-Received: by 2002:a17:907:96a2:b0:782:4072:19da with SMTP id hd34-20020a17090796a200b00782407219damr4043945ejc.398.1665064497525; Thu, 06 Oct 2022 06:54:57 -0700 (PDT)
MIME-Version: 1.0
References: <CA+ag07aZ-OoCpAQumj_TYDuiZ=RaBMiWiAi8MoUrYo4zmYuovg@mail.gmail.com> <CAL02cgTfh8=j=t_MZNTw+Mpmyym8UXr=rkjMNUKK_P2iH_F4DA@mail.gmail.com>
In-Reply-To: <CAL02cgTfh8=j=t_MZNTw+Mpmyym8UXr=rkjMNUKK_P2iH_F4DA@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Date: Thu, 06 Oct 2022 15:54:46 +0200
Message-ID: <CA+ag07ZVX3r8bY-BmSvch=vkyXyWyerZ4Q8gBdSvAZEcinzgYQ@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>, Emad Omara <eomara@apple.com>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e754fb05ea5e099c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/vsC59HQ9-vXAgLgJDdVBKUO1ATw>
Subject: Re: [Sframe] Key ratchting
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2022 13:54:59 -0000
On Thu, Oct 6, 2022 at 2:40 PM Richard Barnes <rlb@ipv.sx> wrote: > > 1. Instead of allowing every sender to use the whole KID space, you could > segment the KID space as in the MLS-based case (so that KID would indicate > sender as well as generation) > That was my second question, would the SFrame stack need to know the sender for each KID to be able to "expire" a previous KID for the same sender? If so, should that information be passed in the SFrame API or should we carry the sender Id also on the SFrame header? (The later would allow to identify the sender of each packet) 2. Instead of ratcheting the keys directly, there should probably be a > ratchet_secret that gets ratcheted, and from which keys are derived. This > would avoid the keys being used with two algorithms (HMAC and AEAD). > I think @Emad Omara <eomara@apple.com> should be the right person to answer that question. Best regards Sergio
- [Sframe] Key ratchting Sergio Garcia Murillo
- Re: [Sframe] Key ratchting Richard Barnes
- Re: [Sframe] Key ratchting Sergio Garcia Murillo
- Re: [Sframe] Key ratchting Emad Omara