IETF Logo Mail Archive

Re: [TLS] working group discussion of draft-mcgrew-tls-aes-ccm-01

Rene Struik <rstruik.ext@gmail.com> Fri, 05 August 2011 20:42 UTC

Return-Path: <rstruik.ext@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A288E11E80C1 for <tls@ietfa.amsl.com>; Fri, 5 Aug 2011 13:42:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fF8OqC7OYYFQ for <tls@ietfa.amsl.com>; Fri, 5 Aug 2011 13:42:08 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id ABB9911E80B2 for <tls@ietf.org>; Fri, 5 Aug 2011 13:42:08 -0700 (PDT)
Received: by gyd5 with SMTP id 5so2196893gyd.31 for <tls@ietf.org>; Fri, 05 Aug 2011 13:42:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=+z6Sn1fdfoIYYAt+yLUbDujzkVtGnYogB+nyQMctzf0=; b=d/HSv3Ogn6VMhcPO0gq7sbAvMDNhQmwrDOy52NH03IP48Utu4w827tDqjj6okAiF9v 3wq1IFRfBn8eKntQAMpLHw+PsSuEqcazqUGt9W7Y31Qq7AUWK6eTcqgD3Oq8Nw+i583S /xZEYeY+/m4uM4d5+Tx5f1Y7HT7WpeU/oi2PM=
Received: by 10.91.26.30 with SMTP id d30mr2416962agj.64.1312576945991; Fri, 05 Aug 2011 13:42:25 -0700 (PDT)
Received: from [192.168.1.102] (CPE0013100e2c51-CM00186851d6f6.cpe.net.cable.rogers.com [99.231.117.243]) by mx.google.com with ESMTPS id h15sm2614201ank.13.2011.08.05.13.42.24 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 05 Aug 2011 13:42:25 -0700 (PDT)
Message-ID: <4E3C55AC.2050608@gmail.com>
Date: Fri, 05 Aug 2011 16:42:20 -0400
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: robert.cragie@gridmerge.com
References: <CA5C64FD.F40A%therbst@silverspringnet.com> <4E3C01FC.2060408@gridmerge.com> <E05B5D85-F99C-4B14-BE0D-BB02F01F9A7E@cisco.com> <4E3C1C06.1040801@gmail.com> <4E3C2F86.1090303@gridmerge.com>
In-Reply-To: <4E3C2F86.1090303@gridmerge.com>
X-Enigmail-Version: 1.2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] working group discussion of draft-mcgrew-tls-aes-ccm-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 20:42:09 -0000

Hi Robert:

I do appreciate that one should not just tailor towards the 802.15.4 MAC
and make this more agnostic w.r.t. lower layers. Nevertheless, I was
just curious whether the design choices have the *potential* to work
together with, e.g., 802.15.4 and realize an implementation that
minimizes the state one has to keep on a device. This minimum would be
one key and one counter per incoming device, irrespective of layer. In
fact, the "one counter per incoming device" could be reduced to "one
loosely synchronized notion of time" instead, thereby reducing state to
one key and one loosely synchronized clock. It is not clear to me
whether, with the I-Ds, one can get close to this.

Best regards, Rene

On 05/08/2011 1:59 PM, Robert Cragie wrote:
> Hi Rene,
>
> It's not an issue. The CCM mode used in the drafts is not the same as
> that in 802.15.4 and that was quite deliberate; there was never an
> intent to make this specific to 802.15.4, more that it was recognized
> that 802.15.4 devices use CCM mode therefore this can be leveraged
> efficiently for TLS implementations. Key management for the TLS use is
> distinct from the key management of the MAC security material - I
> can't see why you would ever want to commonize frame counters across
> layers.
>
> Robert
>
> On 05/08/2011 5:36 PM, Rene Struik wrote:
>> Dear colleagues:
>>
>> It would help if one could elaborate somewhat more on some of the
>> implicit design decisions underlying those internet drafts.
>>
>> Example:
>> The nonce construction with the CCM mode in the drafts seems to be
>> incompatible with that suggested with 802.15.4-2006 (as mentioned in the
>> introduction and, presumably, to be used with ZigBee SE2.0).  If so,
>> this suggests one has to segregate key management for the MAC (if using
>> 802.15.4) and for higher layers, including the management of counters
>> used with the CCM mode of operation.
>>
>> Best regards, Rene
>>
>> On 05/08/2011 11:47 AM, Joe Salowey wrote:
>>> Where we left this was there was some, but not overwhelming support
>>> to bring it into the working group.  It was left to the authors on
>>> which path to take, through the working group process or as an
>>> individual submission.   If you go through the working group it is
>>> more likely there will be changes than if you go the individual
>>> submission route.   Matthew also raised the question of standards
>>> track vs information for ECC cipher suites.   For ECC, I still
>>> believe that informational will be the most expedient.
>>>
>>> Joe
>>> On Aug 5, 2011, at 7:45 AM, Robert Cragie wrote:
>>>
>>>> I would like to poke the coals on this one again too.
>>>>
>>>> There was a presentation at IETF80 regarding two drafts originating
>>>> from David McGrew (draft-mcgrew-tls-aes-ccm-01 and
>>>> draft-mcgrew-tls-aes-ccm-ecc-01) given by Matthew Campagna and IIRC
>>>> there were no significant objections to this moving forward.
>>>> However there was no particular support from the WG chairs for
>>>> doing this through the WG. In the meantime, a number of vendors
>>>> have been using these drafts and testing the
>>>> TLS_PSK_WITH_AES_128_CCM_8 and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
>>>> in both PANA/EAP-TLS and TLS forms successfully.
>>>>
>>>> Therefore I would like to get an clear view as to the way to move
>>>> this forward - either through the WG or as individual submissions.
>>>>
>>>> Thanks
>>>>
>>>> Robert
>>>>
>>>> On 01/08/2011 10:13 PM, Thomas Herbst wrote:
>>>>> Not sure where this fits into the wg chair's extensions triaging,
>>>>> but was hoping for an update on draft-mcgrew-tls-aes-ccm-01 last
>>>>> week.
>>>>>
>>>>> In Zigbee we'd specified ccm as most of the 802.15.4 chips have
>>>>> hardware support.
>>>>>
>>>>> tom
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> TLS mailing list
>>>>>
>>>>> TLS@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/tls
>>>> _______________________________________________
>>>> TLS mailing list
>>>> TLS@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/tls
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>>
>


-- 
email: rstruik.ext@gmail.com
Skype: rstruik
cell: +1 (647) 867-5658
USA Google voice: +1 (415) 690-7363

v2.23.0 | Report a Bug | By Email