Hi Mohit,

Thanks a bunch for going over the draft and the presentation. The “Key” is literally a text string differentiating between a key being derived and an IV. For more details please see Section 3.2.1 of the OSCOAP draft or, for instance, Section 7.3 of the TLS 1.3 draft.

I agree with you that key derivation is the correct term, although I notice that Section 7.3 of the TLS 1.3 draft seems to be using the verb ‘to generate’ in a similar context. I think your comment applies to their case as well.

Agreed for the AEAD nonce. Please CC the 6tisch ML if your question on AEAD nonce uniqueness concerns the minimal security draft.

Regards,
Mališa

> On 10 Apr 2017, at 10:31, Mohit Sethi <[email protected]> wrote:
>
> Hi Malisa
>
> I am now reviewing the minimal security as well as the OSCoAP and EDHOC
> documents. While it will still take some time for me to send out a detailed
> review, I have some comments on the confusing terminology used in your
> presentation.
>
> First, the slides where you explain key generation at pledge. What is the
> "Key" on the slide? How is this "Key" different from the PSK? The slide says
> key generation but uses an HKDF. Which one is it? Key generation or derivation?
> Do you use them interchangeably?
>
> Also for the Nonce generation slides and in the draft, please say explicitly
> "AEAD Nonce" so that it is not confused with the nonces used in TLS and EDHOC
> handshakes. Those nonces need to be fresh random bytes while the AEAD nonce
> only needs to be unique for each invocation of AEAD.
>
> These terms may be well understood and trivial for those working on the
> drafts, for others these can be confusing.
>
> I have a separate question on uniqueness of AEAD nonce that I would send out
> on the CoRE mailing list.
>
> --Mohit

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
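The two points discussed in this exchange, as an added example that is not part of either message or of the drafts: one PSK is run through HKDF with a "Key" or "IV" label to derive two independent outputs, and the AEAD nonce is made unique (not random) by combining the derived IV with a message counter. The `info` layout, the sample PSK and identifier, the 13-byte IV length and the XOR-with-counter construction are assumptions made for illustration.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it to `length` bytes."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    prk = hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive(psk: bytes, party_id: bytes, label: str, length: int) -> bytes:
    """Derive one output from the PSK; the label separates the key from the IV."""
    # Assumed info layout (id length, id, label, output length), not the draft's encoding.
    info = bytes([len(party_id)]) + party_id + label.encode("ascii") + bytes([length])
    return hkdf_sha256(psk, b"", info, length)


def aead_nonce(iv: bytes, seq: int) -> bytes:
    """Unique (not random) AEAD nonce: XOR the zero-padded message counter into the IV."""
    padded = seq.to_bytes(len(iv), "big")  # OverflowError once the counter no longer fits
    return bytes(a ^ b for a, b in zip(iv, padded))


PSK = bytes(range(16))   # constructed sample PSK, never a real secret
PARTY_ID = b"\x01"       # constructed identifier
KEY = derive(PSK, PARTY_ID, "Key", 16)  # 128-bit AEAD key
IV = derive(PSK, PARTY_ID, "IV", 13)    # 13-byte IV, assuming an AES-CCM style nonce length

if __name__ == "__main__":
    print("Key:", KEY.hex())
    print("IV: ", IV.hex())
    for seq in range(3):
        print("nonce", seq, aead_nonce(IV, seq).hex())
```

The counter has to be persisted across reboots: if it restarts from zero under the same PSK, the nonces repeat and the uniqueness requirement is broken.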
