Re: [Teep] Use of AES-CTR in TEEP?

Dave Thaler <dthaler@microsoft.com> Tue, 10 October 2023 18:36 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "teep@ietf.org" <teep@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Date: Tue, 10 Oct 2023 18:36:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/Ogs0IbM9TiGN_5W_C1jX84O5K3w>
Subject: Re: [Teep] Use of AES-CTR in TEEP?
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>

TEEP requires TAMs to support all MTI algorithms and allows Agents to pick among MTI algorithms;
Agents may be constrained or not, support crypto offload or not, etc., hence the allowing of choice.

If I understand correctly, you're arguing that a TAM must support both
CTR and GCM, and an Agent can pick either one, and the suit-mti draft
should specify both profiles, did I get that right?

Dave


> -----Original Message-----
> From: hannes.tschofenig@gmx.net <hannes.tschofenig@gmx.net>
> Sent: Tuesday, October 10, 2023 11:00 AM
> To: Dave Thaler <dthaler@microsoft.com>; teep@ietf.org; suit@ietf.org
> Subject: RE: [Teep] Use of AES-CTR in TEEP?
>
> Sorry for the confusion, Dave. I have hit the "send" button a bit too fast.
>
> It should, of course, read "This adds no new requirements to constrained IoT
> devices."
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: TEEP <teep-bounces@ietf.org> On Behalf Of Dave Thaler
> Sent: Tuesday, 10 October 2023 19:41
> To: hannes.tschofenig@gmx.net; teep@ietf.org; suit@ietf.org
> Subject: Re: [Teep] Use of AES-CTR in TEEP?
>
> Hannes wrote, regarding draft-suit-mti:
> > I would like to have a new profile added that defines
> > suit-sha256-es256-ecdh-a128gcm for use with TEEP.
> > This should be the default profile for use in TEEP.
> >
> > This adds new requirements to constrained IoT devices. Constrained IoT
> > devices should use one of the other 5 profiles already defined.
>
> Did I read that right, you want new requirements for _constrained_ devices?
> Your last two sentences seem to contradict each other, so either there's a typo
> or I'm not understanding.
>
> Dave