IETF Logo Mail Archive

Re: [Tm-rid] HHIT trust proof for Auth messages

Robert Moskowitz <rgm@labs.htt-consult.com> Wed, 02 October 2019 12:40 UTC

Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FA8F120019 for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 05:40:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UyNBnSQOXC78 for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 05:40:25 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9028512000F for <tm-rid@ietf.org>; Wed, 2 Oct 2019 05:40:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id CEE726211F; Wed, 2 Oct 2019 08:40:23 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id YDip6b4CYKG6; Wed, 2 Oct 2019 08:40:10 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id EDF076211E; Wed, 2 Oct 2019 08:40:09 -0400 (EDT)
To: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com> <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
Message-ID: <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com>
Date: Wed, 02 Oct 2019 08:40:06 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0
MIME-Version: 1.0
In-Reply-To: <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------0137B2FEB287C24DEB2FCBE2"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/j3HKjcHEgWsx4-YXz79uHmqXQYs>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 12:40:30 -0000

Quickly,

We have to find out why the reduction in size when BT5 is 255 bytes and 
the extended messages were designed to work in BT5.

Bob

On 10/1/19 12:12 PM, Wiethuechter, Adam wrote:
> All,
>
> Attached is a mock up of what Bob has here just in the new 0.8 version 
> of the authentication message.
>
> There is a 23 byte payload limit or 25 bytes if we remove the reserved 
> bytes and condense. I am unwilling to do this though as then the HHIT 
> or Trust Timestamp fields would be fragmented across pages. Its 
> already bad enough that the Trusted Timestamp and standard Timestamp 
> fragment across the 32 bit boundary (within a page) and worse the 
> signature across 3 whole pages already. While in practice this 
> probably wouldn't affect much it makes it harder to understand/read I 
> think.
>
> My concern, is that we are broadcasting over Bluetooth. There are 5 
> pages to the authentication message (from my understanding of the new 
> standard). If we lose any one page it is most likely going to be a 
> signature page (as it spans 3 whole pages) and there will be no way to 
> achieve that which this format is intended for without the full 
> signature. Perhaps the payload section that Bob marked in (and fills 
> the final page of the authentication message) should be some sort of 
> error correction on the signature?
>
> The second version I think is unattainable in the new format, unless 
> someone here can defy the laws of physics and make numbers smaller 
> than they actually are thus allowing more to fit within the 109 byte 
> constrain of the message format.
>
> Questions, comments, concerns?
>
> On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz 
> <rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>> wrote:
>
>     And here is something I have been working on as condensed proof of
>     HHIT
>     ownership objects that can be put into the auth messages.  I have not
>     done that yet, like Adam has:
>
>          <figure>
>              <artwork>
>         0                   1 2                   3
>         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
>        | HHIT                              |
>     |                                                               |
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>        | TIMESTAMP                          |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
>        | HHIT                              |
>        | SIG                              |
>     .                                                               .
>     .                                                               .
>     .                                                               .
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>        / PAYLOAD                            /
>     /                                                               /
>        / +-------------------------------+
>        / |                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>        HHIT           16 byte HHIT of EdDSA25519 HI
>        TIMESTAMP      4 byte packet trust until timestamp
>        HHIT SIG       64 byte Signature of whole packet
>        PAYLOAD        0 to n bytes of payload
>            Length     84 + n bytes
>              </artwork>
>          </figure>
>          <figure>
>              <artwork>
>         0                   1 2                   3
>         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
>        |                            DEV HHIT                           |
>     |                                                               |
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>        | TIMESTAMP                          |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
>        |                            DEV HHIT                           |
>        | SIG                              |
>     .                                                               .
>     .                                                               .
>     .                                                               .
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
>        |                              DEV HI                           |
>     |                                                               |
>     |                                                               |
>     |                                                               |
>     |                                                               |
>     |                                                               |
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>        |                         AUTH TIMESTAMP                        |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
>        |                           AUTH HHIT                           |
>     |                                                               |
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
>        | AUTH                               |
>        | SIG                              |
>     .                                                               .
>     .                                                               .
>     .                                                               .
>     |                                                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>        / PAYLOAD                            /
>     /                                                               /
>        / +-------------------------------+
>        / |                               |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>        DEV HHIT       16 byte Dev HHIT of EdDSA25519 HI
>        TIMESTAMP      4 byte packet trust until timestamp
>        DEV HHIT SIG   64 byte Signature of whole packet
>        DEV HI         32 byte Device HI of EdDSA25519 HI
>        AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp
>        AUTH HHIT      16 byte Authorizer's HHIT of EdDSA25519 HI
>        AUTH SIG       64 byte Signature of Device HHIT-HI
>        PAYLOAD        0 to n bytes of payload
>            Length    200 + n bytes
>              </artwork>
>          </figure>
>
>        |             Type              | Length            |
>
>     -- 
>     Tm-rid mailing list
>     Tm-rid@ietf.org <mailto:Tm-rid@ietf.org>
>     https://www.ietf.org/mailman/listinfo/tm-rid
>
>
>
> -- 
> 73's,
> Adam T. Wiethuechter

-- 
Standard Robert Moskowitz
Owner
HTT Consulting
C:248-219-2059
F:248-968-2824
E:rgm@labs.htt-consult.com

There's no limit to what can be accomplished if it doesn't matter who 
gets the credit

v2.23.0 | Report a Bug | By Email