Just one comment: TEAP does not require an inner method, and indeed for IoT it is not necessary.
Eliot > On 9 Oct 2019, at 07:46, Joseph Salowey <j...@salowey.net> wrote: > > Based on Jouni's analysis the derivation of the S-IMCKs is not well > specified. To me it looks like the solution to handle an arbitrary number of > methods that may or may not make an EMSK available would be fairly complex. > > I think the most straight forward solution is to either always assume that > for an EMSK generating method the EMSK is either always available or always > unavailable. It seems that it is safer to always assume that the EMSK is > unavailable and will therefore never be used. I think this has the following > implications: > > - The S-IMCK is always generated from the inner method MSK or the all-zero > value if the method does not generate key material. > - The EMSK compound MAC is not used > - Implementations must have a policy that accepts MSK MACs > > It would appear that from a cryptographic analysis point of view the MSK and > EMSK are equivalent since these keys will only be used in these TEAP > calculations and not for other purposes.. There are documented drawbacks of > using the MSK described in RFC7029 > (https://tools.ietf.org/html/rfc7029#page-12 > <https://tools.ietf.org/html/rfc7029#page-12>). If the properties of the > EMSK binding are needed in the use cases currently under consideration then I > think we could redefine the way the EMSK MAC to be computed from the EMSK of > the inner method changing the above to > > - The S-IMCK is always generated from the inner method MSK or the all-zero > value if the method does not generate key material. > - Compute EMSK MAC from the inner-method EMSK instead of the S-IMCK > Compound-MAC = MAC( EMSK[J], BUFFER ) > - Implementations have a policy that prevents EMSK downgrade to MSK > > Hopefully there is a more elegant solution. Any ideas? > > Joe > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
