Re: [Tm-rid] HHIT trust proof for Auth messages
Robert Moskowitz <rgm@labs.htt-consult.com> Wed, 02 October 2019 12:40 UTC
Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FA8F120019 for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 05:40:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UyNBnSQOXC78 for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 05:40:25 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9028512000F for <tm-rid@ietf.org>; Wed, 2 Oct 2019 05:40:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id CEE726211F; Wed, 2 Oct 2019 08:40:23 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id YDip6b4CYKG6; Wed, 2 Oct 2019 08:40:10 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id EDF076211E; Wed, 2 Oct 2019 08:40:09 -0400 (EDT)
To: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com> <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
Message-ID: <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com>
Date: Wed, 02 Oct 2019 08:40:06 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0
MIME-Version: 1.0
In-Reply-To: <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------0137B2FEB287C24DEB2FCBE2"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/j3HKjcHEgWsx4-YXz79uHmqXQYs>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 12:40:30 -0000
Quickly, We have to find out why the reduction in size when BT5 is 255 bytes and the extended messages were designed to work in BT5. Bob On 10/1/19 12:12 PM, Wiethuechter, Adam wrote: > All, > > Attached is a mock up of what Bob has here just in the new 0.8 version > of the authentication message. > > There is a 23 byte payload limit or 25 bytes if we remove the reserved > bytes and condense. I am unwilling to do this though as then the HHIT > or Trust Timestamp fields would be fragmented across pages. Its > already bad enough that the Trusted Timestamp and standard Timestamp > fragment across the 32 bit boundary (within a page) and worse the > signature across 3 whole pages already. While in practice this > probably wouldn't affect much it makes it harder to understand/read I > think. > > My concern, is that we are broadcasting over Bluetooth. There are 5 > pages to the authentication message (from my understanding of the new > standard). If we lose any one page it is most likely going to be a > signature page (as it spans 3 whole pages) and there will be no way to > achieve that which this format is intended for without the full > signature. Perhaps the payload section that Bob marked in (and fills > the final page of the authentication message) should be some sort of > error correction on the signature? > > The second version I think is unattainable in the new format, unless > someone here can defy the laws of physics and make numbers smaller > than they actually are thus allowing more to fit within the 109 byte > constrain of the message format. > > Questions, comments, concerns? > > On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz > <rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>> wrote: > > And here is something I have been working on as condensed proof of > HHIT > ownership objects that can be put into the auth messages. I have not > done that yet, like Adam has: > > <figure> > <artwork> > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | HHIT | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | TIMESTAMP | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | HHIT | > | SIG | > . . > . . > . . > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > / PAYLOAD / > / / > / +-------------------------------+ > / | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > HHIT 16 byte HHIT of EdDSA25519 HI > TIMESTAMP 4 byte packet trust until timestamp > HHIT SIG 64 byte Signature of whole packet > PAYLOAD 0 to n bytes of payload > Length 84 + n bytes > </artwork> > </figure> > <figure> > <artwork> > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | DEV HHIT | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | TIMESTAMP | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | DEV HHIT | > | SIG | > . . > . . > . . > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | DEV HI | > | | > | | > | | > | | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | AUTH TIMESTAMP | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | AUTH HHIT | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | AUTH | > | SIG | > . . > . . > . . > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > / PAYLOAD / > / / > / +-------------------------------+ > / | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > DEV HHIT 16 byte Dev HHIT of EdDSA25519 HI > TIMESTAMP 4 byte packet trust until timestamp > DEV HHIT SIG 64 byte Signature of whole packet > DEV HI 32 byte Device HI of EdDSA25519 HI > AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp > AUTH HHIT 16 byte Authorizer's HHIT of EdDSA25519 HI > AUTH SIG 64 byte Signature of Device HHIT-HI > PAYLOAD 0 to n bytes of payload > Length 200 + n bytes > </artwork> > </figure> > > | Type | Length | > > -- > Tm-rid mailing list > Tm-rid@ietf.org <mailto:Tm-rid@ietf.org> > https://www.ietf.org/mailman/listinfo/tm-rid > > > > -- > 73's, > Adam T. Wiethuechter -- Standard Robert Moskowitz Owner HTT Consulting C:248-219-2059 F:248-968-2824 E:rgm@labs.htt-consult.com There's no limit to what can be accomplished if it doesn't matter who gets the credit
- [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Card, Stu
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam