Hi,
We just submitted version 10 of EDHOC, the new version adds quite a lot of
clarifications and examples and adds some new optimizations. In particular:
- The introduction has been expanded to better describe the security properties
of EDHOC, the motivation behind it, and the structure of the document.
- The key derivation is described in terms of a function
EDHOC-Key-Derivation(AlgorithmID, keyDataLength, other) and an Exporter
interface EDHOC-Exporter(label, length). Appendix C and D now uses the exporter
interface.
- More information and examples on different ways to identify public keys. More
security details regarding identities as suggested by University of Copenhagen.
- Updated CCDL definitions with .cbor and .cborseq
- Changes aad_i and exchange_hash definitions to make implementations more
optimized
- The algorithm arrays are now defined as algs = alg / [ 2* alg ], an idea
borrowed from draft-schaad-cose-x509
- Renamed session IDs to connection IDs to make the purpose clearer.
- More explanation and clarification on how error messages work and how they
interact with lower layers as requested by Jim Schaad.
- Modified the error handling to allow truncation of the list of supported
algoritms.
- IANA section to register a Content-Format
- Added an appendix shortly explaining CBOR, CDDL, and COSE to developers of
EDHOC (as suggested by Klaus Hartke)
- Significantly expanded security considerations section, now divided in
subsections.
- Expanded the message size appendix to also cover PSK and certificate.
Compared to the TLS 1.3 handshake with TLS 1.3 the number of bytes in EDHOC is
less than 1/3 when PSK authentication is used and less than 1/2 when RPK
authentication is used
PSK RPK x5t x5chain
--------------------------------------------------------------------
message_1 47 44 44 44
message_2 49 125 131 121 + Certificate chain
message_3 12 86 92 82 + Certificate chain
--------------------------------------------------------------------
Total 108 255 267 247 + Certificate chains
Figure : Typical message sizes in bytes
Cheers,
John
On 2018-09-18, 13:15, "internet-dra...@ietf.org" <internet-dra...@ietf.org>
wrote:
A new version of I-D, draft-selander-ace-cose-ecdhe-10.txt
has been successfully submitted by John Mattsson and posted to the
IETF repository.
Name: draft-selander-ace-cose-ecdhe
Revision: 10
Title: Ephemeral Diffie-Hellman Over COSE (EDHOC)
Document date: 2018-09-18
Group: Individual Submission
Pages: 44
URL:
https://www.ietf.org/internet-drafts/draft-selander-ace-cose-ecdhe-10.txt
Status: https://datatracker.ietf.org/doc/draft-selander-ace-cose-ecdhe/
Htmlized: https://tools.ietf.org/html/draft-selander-ace-cose-ecdhe-10
Htmlized:
https://datatracker.ietf.org/doc/html/draft-selander-ace-cose-ecdhe
Diff:
https://www.ietf.org/rfcdiff?url2=draft-selander-ace-cose-ecdhe-10
Abstract:
This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a
very compact, and lightweight authenticated Diffie-Hellman key
exchange with ephemeral keys that can be used over any layer. EDHOC
provides mutual authentication, perfect forward secrecy, and identity
protection. EDHOC uses CBOR and COSE, allowing reuse of existing
libraries.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
