Salvador Pérez <salvador....@um.es> wrote:
    > we have implemented a previous version of EDHOC
    > (draft-selander-ace-cose-ecdhe) and want to share some experiences.

That's very cool.
Some questions for you!

    > Our work so far has focused on implementation and evaluation of version
    > -08 of EDHOC over CoAP using real IoT hardware. The obtained results
    > show a significant performance improvement compared to other key
    > establishment protocols, such as DTLS handshake (version 1.2),
    > especially with respect to length and number of exchanged messages.

What did you use for authentication?  RSA? ECDSA? EDDSA? PSK?
Were they raw public keys, or was it in a certificate?
Did you try a certificate in one direction and a raw public key in the other?
Did you offer more than 1 algorithm when you negotiated?

    > We have reviewed version -10 and noted the reduction of message
    > length. Based on our experience, we propose that also removing the
    > overhead due to security parameter negotiation could be an important
    > optimization, and relevant in many use cases where these parameters are
    > available through an out-of-band process.

If the list of valid algorithms is available securely by out-of-band
processes, then couldn't use this mechanism to do key agreement instead,
saving 100% of the bytes on the wire?  :-)

We need to do security parameter negotiation in order to be agile against
future algorithm attacks, and there will be algorithm attacks in the 20 to
40 year lifespans that we expect... and we need to leave space for replacing
the DH process with some QMDH process.  The CBOR encoding is really really
very nice for this, and I wish we had CBOR when we did IKEv2.

    > Accordingly and taking into account that EDHOC provides a basic
    > security functionality for any context where security needs to be
    > enabled, we are currently considering the application of this protocol
    > in different IoT deployments, such as LoRaWAN networks, OSCORE-enabled
    > scenarios or its integration with capabilities. We therefore would like
    > to see the progress of EDHOC in standardization.

I don't see how LORaWAN has enough bytes available for even EDHOC.
I think that LoRaWAN needs a key agreement protocol that can be run once
while the sensor is attached to the installer's smartphone.  The important
thing is that one is able to use the key agrement protocol over IPs A<->B,
in order to setup a context that can be used between IPs C<-->D.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 
        

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

Reply via email to