Hi, We just submitted version 10 of EDHOC, the new version adds quite a lot of clarifications and examples and adds some new optimizations. In particular:
- The introduction has been expanded to better describe the security properties of EDHOC, the motivation behind it, and the structure of the document. - The key derivation is described in terms of a function EDHOC-Key-Derivation(AlgorithmID, keyDataLength, other) and an Exporter interface EDHOC-Exporter(label, length). Appendix C and D now uses the exporter interface. - More information and examples on different ways to identify public keys. More security details regarding identities as suggested by University of Copenhagen. - Updated CCDL definitions with .cbor and .cborseq - Changes aad_i and exchange_hash definitions to make implementations more optimized - The algorithm arrays are now defined as algs = alg / [ 2* alg ], an idea borrowed from draft-schaad-cose-x509 - Renamed session IDs to connection IDs to make the purpose clearer. - More explanation and clarification on how error messages work and how they interact with lower layers as requested by Jim Schaad. - Modified the error handling to allow truncation of the list of supported algoritms. - IANA section to register a Content-Format - Added an appendix shortly explaining CBOR, CDDL, and COSE to developers of EDHOC (as suggested by Klaus Hartke) - Significantly expanded security considerations section, now divided in subsections. - Expanded the message size appendix to also cover PSK and certificate. Compared to the TLS 1.3 handshake with TLS 1.3 the number of bytes in EDHOC is less than 1/3 when PSK authentication is used and less than 1/2 when RPK authentication is used PSK RPK x5t x5chain -------------------------------------------------------------------- message_1 47 44 44 44 message_2 49 125 131 121 + Certificate chain message_3 12 86 92 82 + Certificate chain -------------------------------------------------------------------- Total 108 255 267 247 + Certificate chains Figure : Typical message sizes in bytes Cheers, John On 2018-09-18, 13:15, "internet-dra...@ietf.org" <internet-dra...@ietf.org> wrote: A new version of I-D, draft-selander-ace-cose-ecdhe-10.txt has been successfully submitted by John Mattsson and posted to the IETF repository. Name: draft-selander-ace-cose-ecdhe Revision: 10 Title: Ephemeral Diffie-Hellman Over COSE (EDHOC) Document date: 2018-09-18 Group: Individual Submission Pages: 44 URL: https://www.ietf.org/internet-drafts/draft-selander-ace-cose-ecdhe-10.txt Status: https://datatracker.ietf.org/doc/draft-selander-ace-cose-ecdhe/ Htmlized: https://tools.ietf.org/html/draft-selander-ace-cose-ecdhe-10 Htmlized: https://datatracker.ietf.org/doc/html/draft-selander-ace-cose-ecdhe Diff: https://www.ietf.org/rfcdiff?url2=draft-selander-ace-cose-ecdhe-10 Abstract: This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact, and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys that can be used over any layer. EDHOC provides mutual authentication, perfect forward secrecy, and identity protection. EDHOC uses CBOR and COSE, allowing reuse of existing libraries. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace