Minutes IETF114: lake: Wed 13:30
minutes-114-lake-202207271330-00
| Meeting Minutes | Lightweight Authenticated Key Exchange (lake) WG | |
|---|---|---|
| Date and time | 2022-07-27 17:30 | |
| Title | Minutes IETF114: lake: Wed 13:30 | |
| State | Active | |
| Other versions | markdown | |
| Last updated | 2022-07-31 |
minutes-114-lake-202207271330-00
Lightweight Authenticated Key Exchange (LAKE) - IETF 114
Wednesday, 27 July 2022 -- 17:30-18:30 UTC
Chairs:
- Mališa Vučinić
- Stephen Farrell
Useful Links:
Agenda:
- Administrivia
-- chairs, 5 mins - Computational analysis of EDHOC Sig-Sig
-- Marc Ilunga, 15 mins - Computational analysis of EDHOC Stat-Stat
-- Baptiste Cottier, 15 mins - draft-ietf-lake-edhoc-15 & draft-ietf-lake-traces-01
-- John Preuß Mattsson & Göran Selander, 15 mins - Hackathon report
-- Marco Tiloca, 5 mins - What else is needed before WGLC?
-- chairs, 5 mins - AOB
Notetaker
- Marco Tiloca
Minutes
Administrivia (chairs, 5 mins)
- MV: Close to wrap-up of formal analysis. We'll have two
presentations on computational analysis today. Completed hacspec
implementation, more updates will come at IETF 115. - MV: Created a wiki about ongoing activities at lakewg.org . Feedback
and contribution is welcome. - MV: Open point on renaming "EDHOC" to "LAKE". We'll bring it to the
mailing list.
Computational analysis of EDHOC Sig-Sig (Marc Ilunga, 15 mins)
- Presented slides:
https://datatracker.ietf.org/meeting/114/materials/slides-114-lake-computational-analysis-of-edhoc-sig-sig-01.pdf - MI: Presenting analysis done within a MSc Thesis project. SIG-SIG is
structurally sound and secure. Same analysis model as that used for
the TLS 1.3 Handshake. - MI: As feedback from past recommendations, good to have introduced
PRK_OUT and the transcript hash computed over the plaintext; that
simplified the analysis. - JPM: Good work. These recommendations were included in EDHOC. Open
PR on computing TH_3 and TH_4, plus a few other minor things.
Please look at them.
Computational analysis of EDHOC Stat-Stat (Baptiste Cottier, 15 mins)
- Presented slides:
https://datatracker.ietf.org/meeting/114/materials/slides-114-lake-computational-analysis-of-edhoc-stat-stat-02.pdf - BC: Presenting the analysis. Results on p13, considering both
ciphersuites 0 and 2. - BC: Suggested improvements on the structure of message_3 (p15) and
on the computation of TH_2 (p17) - JPM: Thanks, issues also created about these points. One more PR and
additional related issues also created. - MI: Is your work publicly available?
- BC: It's still a draft, we'll publish it soon as there is a
pre-print or submitted.
draft-ietf-lake-edhoc-15 & draft-ietf-lake-traces-01 (John Preuß Mattsson, 15 mins)
- Presented slides:
https://datatracker.ietf.org/meeting/114/materials/slides-114-lake-edhoc-traces-01.pdf - JPM (p4-p7): list of EDHOC changes from -13 to -14. Mostly major
changes to key derivation, as to actual key derivation schedule and
labels are now integers. - JPM (p5): another big change was encoding of connection identifiers;
they're intrinsically byte strings, but a specific subset of those
are encoded as CBOR integers on the wire. - JPM (p6): the key schedule further changed in v -15, also
introducing PRK_OUT and PRK_Exporter. - JPM (p9): list of EDHOC changes from -14 to -15. Mostly
clarification on key derivation, unauthenticated operations and
security considerations. - JPM(p10): updates on EAD items (e.g., critical and non-critical use)
and their labels. - JPM (p11): surveying open points, also as open issues on Github.
- JPM (p12): Do we want to accommodate very large message_2?
Surveying candidate solutions. - JPM (p16): traces -01 covered EDHOC -15; traces -02 fixes some found
bugs.
Hackathon report (Marco Tiloca, 5 mins)
- Presented slides:
https://datatracker.ietf.org/meeting/114/materials/slides-114-lake-hackathon-report-00.pdf - MT: presents hackathon results.
- MT: Got the implementations up to date -15 with the same setup as in
Vienna. Eventually converged to the same OSCORE Master Secret and
Master Salt. - GS: Stefan has also his implementation up to date to EDHOC -15.
What else is needed before WGLC? (chairs, 5 mins)
- SF: What's left to do?
- JPM: Nothing more than already tracked issues/PRs, unless anything
pops up. After a next version and implementation confirmation, we
should be ready for WGLC. - MV: Today's feedback from security analysis will affect the key
schedule and the implementation and traces. Do we need an interim? - GS: Need to look at the latest input, we might need some kind of
meeting. Then we can update the draft and close issues/PRs. Not sure
we need an interim meeting. - SF: So we might have an interim in October or so, but we might start
and complete a WGLC before the November IETF meeting. Ok? - GS: Yes.
- SF: Heard no objections, we'll go for it.
AOB
- PW: Maybe good to have an early SECDIR review.
- SF: Good idea, we can do on the next version of the draft.
- MV: Thanks again for the formal analysis.
- GS: We're making changes to the protocol. It'd be good if the formal
analysis teams can do another round to ensure we don't break
anything.