IETF Logo Mail Archive

Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256

"lgl island-resort.com" <lgl@island-resort.com> Thu, 14 December 2023 17:19 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC329C14F5EF; Thu, 14 Dec 2023 09:19:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RGp92Hgu76n8; Thu, 14 Dec 2023 09:19:40 -0800 (PST)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2100.outbound.protection.outlook.com [40.107.93.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 263E5C14F60B; Thu, 14 Dec 2023 09:19:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Wrk+dQPGK/TSS+UaOAGNDfzk9aJwYde6QjjU/igi0mNO0C8HByvjZKgDyYu+Z8mSNcQcH4GOk50IpUMvpG47ESJj/i1qusuRmlGxPpdRlu8JOytHukiXvP71MNZR/wizMjUmHmIWC1VD36OnrN8UunK8UcyMJnFxiYUXKLmUypyjZv/AGs/eXbTdG8adoxR8nJTgNQzFKDJNsZCYjXZczXZXehIPiR+lKfhz4TVrPSX3cvilPv7VgszLREe8c1AG7KGCA4A9MO+hbqL5/zh6rdhD/sS/9RViCwn3DfL1xlF6EId7LMxx8bdIqhXqPmZA7g8WGIzM9oqITwlWFhrtyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KII7Vszg5Fy8FoclAMjNDU60i/YZS4F9yZH5cWLXFG8=; b=GlDuC3362Z4pOIH2v+17kprHC2xbgiVe80BslWHHQsCj6hHQybdntk8rsEC8QgTkS+fdKXb+Pba1MW98CjNjl+mXWy0fHGCiKwrvVOM9OOqeGvctFBVNQPLSxbN3KC7nAd0YJ4hSP9Yezt/TI7tt5U499jlDfOh1FCcsmyoMmTrQUG5pIAcC5EfGFWIptW1FLwDy4zybZiXFGAO1VI/hk5UxBQMjLkWASOUtwVS/xQKogh2zW5ZVHLHrAPg32zwscccybEaVOZzI6talOmYp+302GZmbkGej2X+BnBVJiAbeP47bkUYkz5CkxB79NgPHgUA9NEcdSBAoufcoxECgmg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by SJ0PR22MB2960.namprd22.prod.outlook.com (2603:10b6:a03:3dd::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.28; Thu, 14 Dec 2023 17:19:29 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::353a:75f1:88a7:5f90]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::353a:75f1:88a7:5f90%6]) with mapi id 15.20.7091.028; Thu, 14 Dec 2023 17:19:29 +0000
From: "lgl island-resort.com" <lgl@island-resort.com>
To: "hannes.tschofenig=40gmx.net@dmarc.ietf.org" <hannes.tschofenig=40gmx.net@dmarc.ietf.org>
CC: Akira Tsukamoto <akira.tsukamoto@gmail.com>, Brendan Moran <brendan.moran.ietf@gmail.com>, Russ Housley <housley@vigilsec.com>, suit <suit@ietf.org>, teep <teep@ietf.org>, Ken Takayama <ken.takayama.ietf@gmail.com>
Thread-Topic: [Suit] [Teep] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
Thread-Index: AQHaLk6FzTOtncVILU6UQX13eV71VrCogGWAgACGYYA=
Date: Thu, 14 Dec 2023 17:19:29 +0000
Message-ID: <9F676C9F-1573-4DBE-A12A-A9A63BC77014@island-resort.com>
References: <08f701da2d9f$c043a6c0$40caf440$@gmx.net> <655A0104-EF30-42E4-862D-6D4D6E4FDDD9@vigilsec.com> <843e1218-8847-48cc-ada5-9b9cc50e17cf@gmail.com> <00ba01da2e6e$81f1f910$85d5eb30$@gmx.net>
In-Reply-To: <00ba01da2e6e$81f1f910$85d5eb30$@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR22MB3092:EE_|SJ0PR22MB2960:EE_
x-ms-office365-filtering-correlation-id: 3dba6a04-cf3f-4ef8-89db-08dbfcc8d4b2
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: d+zlW6tjbIiFlFDHWuW2Y6AUAoXuqPrP3swMMutjXJipOm+o+QqO/GEX/JsLRKwaB3Cw0hpB0r4pvPkquPyftgrNaU36jmQIzbpweEyzN9FcHBCqQu5++1V2Anhy+HxZLKNVh3rrrpd1aaUWoVf1Ks9yDnj4f7KsK3Cb/BRjmAAIySc9eop1vC9N7T6q02T7dlnwy8k8WcrSIW+Yda1CQN8enNf8wIvr4D17FLvYib4Ee0JtL1wMbYUqldsOr+e5+819i98il5M+Vbxn6vs858aXm9AZellaY0BOwc9EHRm54OsUw6mH4/Y8SO9ayWr03jvnrVfY4zIMTRbyd6AQI6SZ4V46tvlwxIYJO6m/dNzOJGSb2wdN0ARO+OEVVJd/kOjLX6EHfT8IPDGjlbdKlMCczZ3U6XlzfUP+9OXTf9pC+8qGSDdErhpc3aH7pL0NWK3Y40C37xTnpZhWBiIN5oWhWFpFC2yJ376mI1YxqgRrsexAXpPSipJIJD2DmxNcbo/2kWHoPxXCOGT1LSHRHFYLCt6E0GGfFp4lku6o6Le76BRUHKPVqXHEbwpdhJi3Z5qcZuCb8/PS68Wfqi0w3aOVXrajIgIZPVnFO0i0p9KkgWHDsREjAfxQ4LnzXRHOtndtMK+WB6CtGKzZ4VqaDw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(396003)(376002)(346002)(136003)(39830400003)(230922051799003)(64100799003)(451199024)(186009)(1800799012)(53546011)(6506007)(478600001)(122000001)(966005)(38100700002)(6486002)(6512007)(71200400001)(66946007)(91956017)(76116006)(66556008)(316002)(66476007)(66446008)(54906003)(64756008)(4326008)(8676002)(8936002)(2616005)(86362001)(36756003)(33656002)(41300700001)(2906002)(38070700009)(5660300002)(83380400001)(26005)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: DXDb2XBBc+Hv6TQkpBAPoolMa7/9Bjew95DMzrApbnz2WaO68hcu0zwsejd8AEv+9BKOevM6qQLRHEqEixrhx7TDzvFfK7XI/ZxH4ZASEuJjMu/P8SPBe/uZUXY5Fv5tg6u9dcHauslOLfpbRcIZ9+z8BcnYLiXUX3eYSrsE6UFJ9TPuTvTo4Y0x3sT4WYbz1hl8Rk55M/aMXJGRfKFjEU9o9WKFwUNiKe7sCJguR7ZlzIyBja9wkiTebY1stGVuLCqswbz1wlmDqkrDHCRy0xenYqSsO1TDwBppuZQYpWk/n5iX5BnH90jjjxqWn3mtaH3+TcSmhsFGyAMGeWvZZZnRuRyBrvtvp1l3eViEAjfaF/HH8YRKJ6hbJcTJloVXVpFvFU1Pi8h5QDSqLhqoXdt6zBAE+jNvNUFzW+Vv9U09FBdYiaqNiDi/oplnrFH2u8KpcEJW1dHK5kG0AIStxaHFvLvQPbL6e9CLBVpovJDYZWsF5yQRlSMTU4LqlbmA3eMM89BNTJZFqSaswK1n7MNeZbfUR+2DBF9w8y92oWDwZT/3QBb0cyTuEdJIcwNPR25c24EgFr1T+UeHEZD+9NVjbwo3ki01/S6X6bG1BL1cazDhSpSMK1uRcXm2NYqyQKAIxqs6LxyMVQfkEA3ZfPx2pnrYJ1eOUFe9yPjr7+aXkCIeOzit1yIjSgG0chx2TKDUYaWXBQ7B4z4mRE7RADlVI0kkdh95+wUVItswFa6MDDgJuIwD2b1cbBfJq4L61YS3rOfDAA42H85bUTGQdaWqJvGCTlvKg7ILo1JrH7e4vEmjFR4ld1NkaSON1BC/KwJauv9Mf+RR8MxOuJ3GlHkaEDYQpRAo9buxMD+SxwPfRi6Gi/vFkleulGy6dZpoB/tDlUFD1bupwH2SGxmP3Kt8OZ2fWh17wCLmPWRzYFwSUEarSgxbgWlBT+yrD/4ULVlenZHniZzd5VF+hty19Nmbv6igy6xZVbKExUQeGjET0KS6y23SPn/rveZMNh3+m7CaYVSXOBIvNbePLsoeTmNk/+dwcudri1y2/UdFRfAczZ21IWPAojCwlYuW/sIm2dmXqhpRn/Zx5aYh8QadTYhCXC5UUnxcBIZWr3oZ2e/bodA0ahPS+JKQ8Sc32b7JiPb32M9+diL5pQTgUBHP9fpjmXhv6B15P8KOI0THPaUJSfoWQi2U8mImT0CyiJ06a0kAMoDqgy3fll/rXArxRlyk27iCaX+WHVyS7fK5z9nhz6Hq/LHuFihRFrsmiBL1nkKghc8AuC5tRlkYfKv3v2BkeDo1AQydRfKdkX4UGxYd1DghHN+lSUmaslCDOEgCxVvvV4mBmrWchbktpBUc5n64aB93kbtLOvPu2fXziqw456IicwozMAr3w8K/bTA9LR3u6xld+xujllzYDsztrAVLYRbOpD/pYklFWITJLUEBJHxYzNIR6p0o1HmjgKxIUfQYA7ik2z9r8aNk5Wkg869MjT8gzZm99nLqSRfGiEbutI2TjVtiGtxqLN6nANHE2ZFM+86Zma1Ub17CJV401CBcbxnbs00Q7zPQV1a/PfvBL2adeY6DKKwyQFPoBiuNVumxv1OxHXR1dClxT4h/Qw==
Content-Type: text/plain; charset="utf-8"
Content-ID: <6947F52A6950A94882BB7159AD5FD4EE@namprd22.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3dba6a04-cf3f-4ef8-89db-08dbfcc8d4b2
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Dec 2023 17:19:29.4693 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7caHxAREf/TQe9FCZNFFcfMwFy8Goycf5Mfziyl+/vb2K5eoeUrDIiRXL/gznKNABGhARqJ4z3fm3b1yoCvgnw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR22MB2960
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/vz4dO8uqAZ8BmkOEW3OyEtumNf0>
Subject: Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2023 17:19:43 -0000

Note that there is a vulnerability in ECDH-ES + A128KW — the one that was presented in Prague. I think there are fixes, and it’s on my list to dig into it (IETF/COSE needs a full, proper and secure multi-recipient modern encryption format), but don’t have bandwidth right now.

LL

> On Dec 14, 2023, at 2:18 AM, hannes.tschofenig=40gmx.net@dmarc.ietf.org wrote:
> 
> Thank you all for your quick response. From the feedback it seems clear to go for ECDH-ES + A128KW
> We will update the documents accordingly.
> 
> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Akira Tsukamoto
> Sent: Donnerstag, 14. Dezember 2023 06:29
> To: Brendan Moran <brendan.moran.ietf@gmail.com>; Russ Housley <housley@vigilsec.com>; Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
> Cc: suit@ietf.org; teep@ietf.org; Ken Takayama <ken.takayama.ietf@gmail.com>
> Subject: Re: [Suit] [Teep] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
> 
> Hi Brendan,
> 
> I am fine changing the MTI with ECDH-ES + A128KW.
> 
> Akira
> 
> On 12/14/2023 12:08 AM, Russ Housley wrote:
>> I think ECDH-ES + A128KW covers more use cases.  It can be used with on recipient or many recipients.  So, I'd like to see that be the MTI.
>> 
>> Russ
>> 
>> 
>>> On Dec 13, 2023, at 3:38 AM, hannes.tschofenig=40gmx.net@dmarc.ietf.org wrote:
>>> 
>>> Hi all,
>>> 
>>> In the SUIT firmware encryption draft we have so far used ECDH-ES + A128KW, which is also what we implemented in t_cose to generate the examples.
>>> 
>>> In a discussion with Ken today we realized that the SUIT-MTI draft has always used ECDH-ES + HKDF-256 instead.
>>> 
>>> Now, the question is: Should we support both, ECDH-ES + A128KW and ECDH-ES + HKDF-256?
>>> 
>>> IHMO we definitely need AES-KW for scenarios where we encrypt a firmware with a CEK once and then distribute that encrypted firmware image to many recipients. In this case, we 
>>> 
>>>  * randomly generate a CEK, 
>>>  * encrypt the firmware using this CEK, 
>>>  * encrypt this CEK with a KEY unique per recipient with a KEK. The KEK is the result of using ECDH-ES with an KDF, as described in Section 6.4 of RFC 9053. 
>>> 
>>> 
>>> For scenarios where we send one firmware image to one recipient we could use ECDH-ES + HKDF-256 and currently we have a little bit of overhead here by using ECDH-ES + A128KW.
>>> 
>>> My preference is to leave the SUIT firmware encryption draft as is and to change the SUIT MTI draft to reference ECDH-ES + A128KW instead of ECDH-ES + HKDF-256.
>>> 
>>> Thoughts?
>>> 
>>> Ciao
>>> Hannes
>>> 
>> 
>> _______________________________________________
>> TEEP mailing list
>> TEEP@ietf.org
>> https://www.ietf.org/mailman/listinfo/teep
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

v2.23.0 | Report a Bug | By Email