-
EDHOC Status (John Mattsson & Göran Selander)
- JM: Main changes between 08 -> 11
- already discussed at interim
- technical changes until 11
- key derivation changes
- simplification (negotiation of cipher suites)
- CWT and CSS
- JM: Changes done after the interim 11 -> 12:
- JM: Questions on the status?
-
EDHOC Issues pending WG decision (John Mattsson & Göran Selander)
- #201
- JM: Minor cryptographic explanantions:
- MAC must be at least 8 bytes
- Compact representation Gx, Gy
- nonce binding
- Why EDHOC does not support running hash (because it is not supported on many constrained devices)
- #198
- JM: Security considerations
- #193
- JM: New draft in COSE for PQC KEMs.
- JM: It would not affect current Gx, Gy KEM
- #191
- JM: The information on the non-repudiation was wrong. This is similar to IKE. In TLS 1.2 the signature is (not sure) encrypted.
- #186
- JM: Discussion on the internal structure EAD. Unclear how other protocols will use the EAD interface. JM thinks we should specify it is correct CBOR (needs more discussion).
- #178
- JM: Security consideration of TOFU.
- #142
- JM: Length of the document. Is 101 pages too much.
- #81
- JM: Effect of limited randomness. A small PR was added by GS.
- JM: Optimal padding (also an open issue):
- Missing privacy consideration (there is a open PR).
- TLS1.3 and IKEv2 have padding mechanism to mitigate privacy leaks about ID_CRED and EAD.
- There is a proposal in PR #190. --> padding.
- SF: What is the best way to close the ones we think should be closed? Send a mail to the list saying that the issues will be closed soon.
- #169
- JM: Issues about test vectors: already discussed during the EDHOC traces update.
- #188
- JM: Missing SUITES_R? Have a list of supported responder cipher suites in the test vectors.
- JM: Should we support test vectors with an error in the cipher suite negotiation?
- #187
- JM: TOC for the test vectors
- JM: There are many test vectors but you don't know what is in them unless you read the source code.
- #47
- JM: Status of the test vectors additions 10/12
- JM: No real certificates yet (just 1,2,3 encoded)
- JM: Any questions?
-
Discussion of Pre-WGLC EDHOC reviews (John Mattsson & Göran Selander)
-
Next Steps (chairs)
* MV: Have an interim in the coming weeks before Christmas.
* SF: Have opinions of those who are not authors if we are ready for WG last call? I think we are getting close.
* MV: Based on the reviews it looks like we could move to last call.
* SF: If you have opinions now is a good time or on the mailing list.
* GS: No strong opinion. Last call would probably trigger more reviews. We know there will some crypto reviews coming up.
* SF: Have a stable draft while the crypto community does thers analysis. Tie down as much issues as possible before the last interim and then do last call.
* Mid december interim?
* no objection
- AOB