The authors of draft-selander-ace-ake-auth have been discussing how to update this draft to reflect some of the changes in EDHOC. Specifically, there is a concern that ace-ake-auth reveals too much in message_1, things which EDHOC has worked hard to keep private.
For those that don't know ace-ake-auth, it fits into the "Ultra-constrained" onboarding column for the diagram that was part of https://datatracker.ietf.org/doc/html/draft-richardson-enrollment-roadmap-03 (and was in the IoT-Dir wiki, which needs to be resurrected. The diagram is also visible at: https://github.com/anima-wg/enrollment-roadmap/blob/master/technology-components.svg ) The ACE connection is that the backend (aka "BRSKI-MASA" protocol equivalent) was leveraged against the ACE mechanism. There is now some reconsideration here. Fundamentally, it would be nice to know where the document adoption is going so that we'd know where to have public discussions about the trade-offs. (please note reply-to) The location of the MASA (aka "W" in the document) is provided in the clear during message_1, with the actual device serial number encrypted to W using a static DH key that the pledge ("U") has been provisioned with. It would be nice to move some of this from message_1 to message_3, which would guard better against on-path attacks that impersonate V. The URL provided during message_1 is visible to any observers, and since this is onboarding, any network privacy is not yet applicable. OTH, the authorization step needs to complete before message_2 can properly be formed, as it contains enough of the RFC8366 constrained-voucher semantics that it allows the pledge (U) to authenticate V. Knowing the identity of the MASA may tell you a lot about the device in question. This is a place where having many MASA outsourced to a big MASA helps with privacy. It's also a place where perhaps oblivious-HTTP might help. There is a question about what the security policy of W is. Is it TOFU-ish, aka promiscious MASA, or does *it* know which device has been sold to whom? Also, the URL for the MASA is ideally very very short :-) -- Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
