Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256

hannes.tschofenig@gmx.net Thu, 14 December 2023 09:18 UTC

From: hannes.tschofenig@gmx.net
To: 'Akira Tsukamoto' <akira.tsukamoto@gmail.com>, 'Brendan Moran' <brendan.moran.ietf@gmail.com>, 'Russ Housley' <housley@vigilsec.com>
Cc: suit@ietf.org, teep@ietf.org, 'Ken Takayama' <ken.takayama.ietf@gmail.com>
Date: Thu, 14 Dec 2023 10:18:31 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/fXcgZNeqFFEdh5yefevOjdP3Kg0>

Thank you all for your quick response. From the feedback it seems clear to go for ECDH-ES + A128KW.
We will update the documents accordingly.

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Akira Tsukamoto
Sent: Thursday, 14 December 2023 06:29
To: Brendan Moran <brendan.moran.ietf@gmail.com>; Russ Housley <housley@vigilsec.com>; Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: suit@ietf.org; teep@ietf.org; Ken Takayama <ken.takayama.ietf@gmail.com>
Subject: Re: [Suit] [Teep] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256

Hi Brendan,

I am fine changing the MTI with ECDH-ES + A128KW.

Akira

On 12/14/2023 12:08 AM, Russ Housley wrote:
> I think ECDH-ES + A128KW covers more use cases.  It can be used with one recipient or many recipients.  So, I'd like to see that be the MTI.
> 
> Russ
> 
> 
>> On Dec 13, 2023, at 3:38 AM, hannes.tschofenig=40gmx.net@dmarc.ietf.org wrote:
>>
>> Hi all,
>>  
>> In the SUIT firmware encryption draft we have so far used ECDH-ES + A128KW, which is also what we implemented in t_cose to generate the examples.
>>  
>> In a discussion with Ken today we realized that the SUIT-MTI draft has always used ECDH-ES + HKDF-256 instead.
>>  
>> Now, the question is: Should we support both, ECDH-ES + A128KW and ECDH-ES + HKDF-256?
>>  
>> IMHO we definitely need AES-KW for scenarios where we encrypt a firmware with a CEK once and then distribute that encrypted firmware image to many recipients. In this case, we
>>
>>   * randomly generate a CEK, 
>>   * encrypt the firmware using this CEK, 
>>   * encrypt this CEK with a KEY unique per recipient with a KEK. The KEK is the result of using ECDH-ES with a KDF, as described in Section 6.4 of RFC 9053.
>>
>>  
>> For scenarios where we send one firmware image to one recipient we could use ECDH-ES + HKDF-256 and currently we have a little bit of overhead here by using ECDH-ES + A128KW.
>>  
>> My preference is to leave the SUIT firmware encryption draft as is and to change the SUIT MTI draft to reference ECDH-ES + A128KW instead of ECDH-ES + HKDF-256.
>>  
>> Thoughts?
>>  
>> Ciao
>> Hannes
>>  

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit