rfc9668.original | rfc9668.txt | |||
---|---|---|---|---|
CoRE Working Group F. Palombini | Internet Engineering Task Force (IETF) F. Palombini | |||
Internet-Draft Ericsson | Request for Comments: 9668 Ericsson AB | |||
Intended status: Standards Track M. Tiloca | Category: Standards Track M. Tiloca | |||
Expires: 11 October 2024 R. Höglund | ISSN: 2070-1721 R. Höglund | |||
RISE AB | RISE AB | |||
S. Hristozov | S. Hristozov | |||
Fraunhofer AISEC | Eriptic | |||
G. Selander | G. Selander | |||
Ericsson | Ericsson | |||
9 April 2024 | November 2024 | |||
Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained | Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained | |||
Application Protocol (CoAP) and Object Security for Constrained RESTful | Application Protocol (CoAP) and Object Security for Constrained RESTful | |||
Environments (OSCORE) | Environments (OSCORE) | |||
draft-ietf-core-oscore-edhoc-11 | ||||
Abstract | Abstract | |||
The lightweight authenticated key exchange protocol Ephemeral Diffie- | The lightweight authenticated key exchange protocol Ephemeral Diffie- | |||
Hellman Over COSE (EDHOC) can be run over the Constrained Application | Hellman Over COSE (EDHOC) can be run over the Constrained Application | |||
Protocol (CoAP) and used by two peers to establish a Security Context | Protocol (CoAP) and used by two peers to establish a Security Context | |||
for the security protocol Object Security for Constrained RESTful | for the security protocol Object Security for Constrained RESTful | |||
Environments (OSCORE). This document details this use of the EDHOC | Environments (OSCORE). This document details this use of the EDHOC | |||
protocol, by specifying a number of additional and optional | protocol by specifying a number of additional and optional | |||
mechanisms. These especially include an optimization approach for | mechanisms, including an optimization approach for combining the | |||
combining the execution of EDHOC with the first OSCORE transaction. | execution of EDHOC with the first OSCORE transaction. This | |||
This combination reduces the number of round trips required to set up | combination reduces the number of round trips required to set up an | |||
an OSCORE Security Context and to complete an OSCORE transaction | OSCORE Security Context and to complete an OSCORE transaction using | |||
using that Security Context. | that Security Context. | |||
Discussion Venues | ||||
This note is to be removed before publishing as an RFC. | ||||
Discussion of this document takes place on the Constrained RESTful | ||||
Environments Working Group mailing list (core@ietf.org), which is | ||||
archived at https://mailarchive.ietf.org/arch/browse/core/. | ||||
Source for this draft and an issue tracker can be found at | ||||
https://github.com/core-wg/oscore-edhoc. | ||||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This is an Internet Standards Track document. | |||
provisions of BCP 78 and BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | ||||
Task Force (IETF). Note that other groups may also distribute | ||||
working documents as Internet-Drafts. The list of current Internet- | ||||
Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Further information on | |||
Internet Standards is available in Section 2 of RFC 7841. | ||||
This Internet-Draft will expire on 11 October 2024. | Information about the current status of this document, any errata, | |||
and how to provide feedback on it may be obtained at | ||||
https://www.rfc-editor.org/info/rfc9668. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
extracted from this document must include Revised BSD License text as | to this document. Code Components extracted from this document must | |||
described in Section 4.e of the Trust Legal Provisions and are | include Revised BSD License text as described in Section 4.e of the | |||
provided without warranty as described in the Revised BSD License. | Trust Legal Provisions and are provided without warranty as described | |||
in the Revised BSD License. | ||||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction | |||
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.1. Terminology | |||
2. EDHOC Overview . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. EDHOC Overview | |||
3. EDHOC Combined with OSCORE . . . . . . . . . . . . . . . . . 8 | 3. EDHOC Combined with OSCORE | |||
3.1. EDHOC Option . . . . . . . . . . . . . . . . . . . . . . 10 | 3.1. EDHOC Option | |||
3.2. Client Processing . . . . . . . . . . . . . . . . . . . . 11 | 3.2. Client Processing | |||
3.2.1. Processing of the EDHOC + OSCORE Request . . . . . . 11 | 3.2.1. Processing of the EDHOC + OSCORE Request | |||
3.2.2. Supporting Block-wise . . . . . . . . . . . . . . . . 13 | 3.2.2. Supporting Block-Wise Transfers | |||
3.3. Server Processing . . . . . . . . . . . . . . . . . . . . 13 | 3.3. Server Processing | |||
3.3.1. Processing of the EDHOC + OSCORE Request . . . . . . 13 | 3.3.1. Processing of the EDHOC + OSCORE Request | |||
3.3.2. Supporting Block-wise . . . . . . . . . . . . . . . . 15 | 3.3.2. Supporting Block-Wise Transfers | |||
3.4. Example of EDHOC + OSCORE Request . . . . . . . . . . . . 15 | 3.4. Example of the EDHOC + OSCORE Request | |||
4. Use of EDHOC Connection Identifiers with OSCORE . . . . . . . 16 | 4. Use of EDHOC Connection Identifiers with OSCORE | |||
4.1. Additional Processing of EDHOC Messages . . . . . . . . . 17 | 4.1. Additional Processing of EDHOC Messages | |||
4.1.1. Initiator Processing of Message 1 . . . . . . . . . . 17 | 4.1.1. Initiator Processing of Message 1 | |||
4.1.2. Responder Processing of Message 2 . . . . . . . . . . 17 | 4.1.2. Responder Processing of Message 2 | |||
4.1.3. Initiator Processing of Message 2 . . . . . . . . . . 18 | 4.1.3. Initiator Processing of Message 2 | |||
5. Extension and Consistency of Application Profiles . . . . . . 18 | 5. Extension and Consistency of Application Profiles | |||
6. Web Linking . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 6. Web Linking | |||
7. Security Considerations . . . . . . . . . . . . . . . . . . . 21 | 7. Security Considerations | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 | 8. IANA Considerations | |||
8.1. CoAP Option Numbers Registry . . . . . . . . . . . . . . 22 | 8.1. CoAP Option Numbers Registry | |||
8.2. Target Attributes Registry . . . . . . . . . . . . . . . 23 | 8.2. Target Attributes Registry | |||
8.3. EDHOC Authentication Credential Types Registry . . . . . 24 | 8.3. EDHOC Authentication Credential Types Registry | |||
8.4. Expert Review Instructions . . . . . . . . . . . . . . . 25 | 8.4. Expert Review Instructions | |||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 | 9. References | |||
9.1. Normative References . . . . . . . . . . . . . . . . . . 26 | 9.1. Normative References | |||
9.2. Informative References . . . . . . . . . . . . . . . . . 28 | 9.2. Informative References | |||
Appendix A. Document Updates . . . . . . . . . . . . . . . . . . 28 | Acknowledgments | |||
A.1. Version -10 to -11 . . . . . . . . . . . . . . . . . . . 28 | Authors' Addresses | |||
A.2. Version -09 to -10 . . . . . . . . . . . . . . . . . . . 29 | ||||
A.3. Version -08 to -09 . . . . . . . . . . . . . . . . . . . 29 | ||||
A.4. Version -07 to -08 . . . . . . . . . . . . . . . . . . . 29 | ||||
A.5. Version -06 to -07 . . . . . . . . . . . . . . . . . . . 29 | ||||
A.6. Version -05 to -06 . . . . . . . . . . . . . . . . . . . 30 | ||||
A.7. Version -04 to -05 . . . . . . . . . . . . . . . . . . . 30 | ||||
A.8. Version -03 to -04 . . . . . . . . . . . . . . . . . . . 31 | ||||
A.9. Version -02 to -03 . . . . . . . . . . . . . . . . . . . 31 | ||||
A.10. Version -01 to -02 . . . . . . . . . . . . . . . . . . . 32 | ||||
A.11. Version -00 to -01 . . . . . . . . . . . . . . . . . . . 32 | ||||
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 32 | ||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 | ||||
1. Introduction | 1. Introduction | |||
Ephemeral Diffie-Hellman Over COSE (EDHOC) [RFC9528] is a lightweight | Ephemeral Diffie-Hellman Over COSE (EDHOC) [RFC9528] is a lightweight | |||
authenticated key exchange protocol, especially intended for use in | authenticated key exchange protocol that is specifically intended for | |||
constrained scenarios. In particular, EDHOC messages can be | use in constrained scenarios. In particular, EDHOC messages can be | |||
transported over the Constrained Application Protocol (CoAP) | transported over the Constrained Application Protocol (CoAP) | |||
[RFC7252] and used for establishing a Security Context for Object | [RFC7252] and used for establishing a Security Context for Object | |||
Security for Constrained RESTful Environments (OSCORE) [RFC8613]. | Security for Constrained RESTful Environments (OSCORE) [RFC8613]. | |||
This document details the use of the EDHOC protocol with CoAP and | This document details the use of the EDHOC protocol with CoAP and | |||
OSCORE, and specifies a number of additional and optional mechanisms. | OSCORE and specifies a number of additional and optional mechanisms. | |||
These especially include an optimization approach that combines the | These include an optimization approach that combines the EDHOC | |||
EDHOC execution with the first OSCORE transaction (see Section 3). | execution with the first OSCORE transaction (see Section 3). This | |||
This allows for a minimum number of two round trips necessary to | allows for a minimum number of two round trips necessary to set up | |||
setup the OSCORE Security Context and complete an OSCORE transaction, | the OSCORE Security Context and complete an OSCORE transaction, e.g., | |||
e.g., when an IoT device gets configured in a network for the first | when an Internet of Things (IoT) device gets configured in a network | |||
time. | for the first time. | |||
This optimization is desirable, since the number of message exchanges | This optimization is desirable since the number of message exchanges | |||
can have a substantial impact on the latency of conveying the first | can have a substantial impact on the latency of conveying the first | |||
OSCORE request, when using certain radio technologies. | OSCORE request when using certain radio technologies. | |||
Without this optimization, it is not possible to achieve the minimum | Without this optimization, it is not possible to achieve the minimum | |||
number of two round trips. This optimization makes it possible, | number of two round trips. This optimization makes it possible since | |||
since the message_3 of the EDHOC protocol can be made relatively | the message_3 of the EDHOC protocol can be made relatively small (see | |||
small (see Section 1.2 of [RFC9528]), thus allowing additional | Section 1.2 of [RFC9528]), thus allowing additional OSCORE-protected | |||
OSCORE-protected CoAP data within target MTU sizes. | CoAP data within target MTU sizes. | |||
The minimum number of two round trips can be achieved only if the | The minimum number of two round trips can be achieved only if the | |||
default, forward message flow of EDHOC is used, i.e., when a CoAP | default forward message flow of EDHOC is used, i.e., when a CoAP | |||
client acts as EDHOC Initiator and a CoAP server acts as EDHOC | client acts as EDHOC Initiator and a CoAP server acts as EDHOC | |||
Responder. The performance advantage of using this optimization can | Responder. The performance advantage of using this optimization can | |||
be lost when used in combination with Block-wise transfers [RFC7959] | be lost when used in combination with Block-wise transfers [RFC7959] | |||
that rely on specific parameter values and block sizes. | that rely on specific parameter values and block sizes. | |||
Furthermore, this document defines a number of parameters | Furthermore, this document defines a number of parameters | |||
corresponding to different information elements of an EDHOC | corresponding to different information elements of an EDHOC | |||
application profile (see Section 6). These can be specified as | application profile (see Section 6). These parameters can be | |||
target attributes in the link to an EDHOC resource associated with | specified as target attributes in the link to an EDHOC resource | |||
that application profile, thus enabling an enhanced discovery of such | associated with that application profile, thus enabling an enhanced | |||
a resource for CoAP clients. | discovery of such a resource for CoAP clients. | |||
1.1. Terminology | 1.1. Terminology | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
The reader is expected to be familiar with terms and concepts defined | The reader is expected to be familiar with terms and concepts defined | |||
in CoAP [RFC7252], CBOR [RFC8949], OSCORE [RFC8613], and EDHOC | in CoAP [RFC7252], Concise Binary Object Representation (CBOR) | |||
[RFC9528]. | [RFC8949], OSCORE [RFC8613], and EDHOC [RFC9528]. | |||
2. EDHOC Overview | 2. EDHOC Overview | |||
This section is not normative and summarizes what is specified in | This section is not normative and summarizes what is specified in | |||
[RFC9528], in particular its Appendix A.2. Thus, it provides a | [RFC9528] (specifically Appendix A.2 of [RFC9528]). Thus, it | |||
baseline for the enhancements in the subsequent sections. | provides a baseline for the enhancements in the subsequent sections. | |||
The EDHOC protocol specified in [RFC9528] allows two peers to agree | The EDHOC protocol specified in [RFC9528] allows two peers to agree | |||
on a cryptographic secret, in a mutually-authenticated way and by | on a cryptographic secret in a mutually-authenticated way and | |||
using Diffie-Hellman ephemeral keys to achieve forward secrecy. The | achieves forward secrecy by using Diffie-Hellman ephemeral keys. The | |||
two peers are denoted as Initiator and Responder, as the one sending | two peers are denoted as the "Initiator" and "Responder", as the one | |||
or receiving the initial EDHOC message_1, respectively. | sending or receiving the initial EDHOC message_1, respectively. | |||
After successful processing of EDHOC message_3, both peers agree on a | After successful processing of EDHOC message_3, both peers agree on a | |||
cryptographic secret that can be used to derive further security | cryptographic secret that can be used to derive further security | |||
material, and especially to establish an OSCORE Security Context | material and establish an OSCORE Security Context [RFC8613]. The | |||
[RFC8613]. The Responder can also send an optional EDHOC message_4 | Responder can also send an optional EDHOC message_4 in order for the | |||
to achieve key confirmation, e.g., in deployments where no protected | Initiator to achieve key confirmation, e.g., in deployments where no | |||
application message is sent from the Responder to the Initiator. | protected application message is sent from the Responder to the | |||
Initiator. | ||||
Appendix A.2 of [RFC9528] specifies how to transfer EDHOC over CoAP. | Appendix A.2 of [RFC9528] specifies how to transfer EDHOC over CoAP. | |||
That is, the EDHOC data (i.e., the EDHOC message possibly with a | That is, the EDHOC data (i.e., the EDHOC message possibly with a | |||
prepended connection identifier) are transported in the payload of | prepended connection identifier) is transported in the payload of | |||
CoAP requests and responses. The default, forward message flow of | CoAP requests and responses. The default forward message flow of | |||
EDHOC consists in the CoAP client acting as Initiator and the CoAP | EDHOC consists in the CoAP client acting as Initiator and the CoAP | |||
server acting as Responder (see Appendix A.2.1 of [RFC9528]). | server acting as Responder (see Appendix A.2.1 of [RFC9528]). | |||
Alternatively, the two roles can be reversed, as per the reverse | Alternatively, the two roles can be reversed as per the reverse | |||
message flow of EDHOC (see Appendix A.2.2 of [RFC9528]). In the rest | message flow of EDHOC (see Appendix A.2.2 of [RFC9528]). In the rest | |||
of this document, EDHOC messages are considered to be transferred | of this document, EDHOC messages are considered to be transferred | |||
over CoAP. | over CoAP. | |||
Figure 1 shows a successful execution of EDHOC, with a CoAP client | Figure 1 shows a successful execution of EDHOC, with a CoAP client | |||
and a CoAP server running EDHOC as Initiator and Responder, | and a CoAP server running EDHOC as Initiator and Responder, | |||
respectively. In particular, it extends Figure 10 from | respectively. In particular, it extends Figure 10 from | |||
Appendix A.2.1 of [RFC9528], by highlighting when the two peers | Appendix A.2.1 of [RFC9528] by highlighting when the two peers | |||
perform EDHOC verification and establish the OSCORE Security Context, | perform EDHOC verification and establish the OSCORE Security Context, | |||
and by adding an exchange of OSCORE-protected CoAP messages after | and by adding an exchange of OSCORE-protected CoAP messages after | |||
completing the EDHOC execution. | completing the EDHOC execution. | |||
That is, the client sends a POST request to a reserved _EDHOC | That is, the client sends a POST request to a reserved EDHOC resource | |||
resource_ at the server, by default at the Uri-Path "/.well-known/ | at the server, by default at the Uri-Path "/.well-known/edhoc". The | |||
edhoc". The request payload consists of the CBOR simple value true | request payload consists of the CBOR simple value true (0xf5) | |||
(0xf5) concatenated with EDHOC message_1, which also includes the | concatenated with EDHOC message_1, which also includes the EDHOC | |||
EDHOC connection identifier C_I of the client encoded as per | connection identifier C_I of the client encoded as per Section 3.3 of | |||
Section 3.3 of [RFC9528]. The request has Content-Format | [RFC9528]. The request has Content-Format application/cid- | |||
application/cid-edhoc+cbor-seq. | edhoc+cbor-seq. | |||
This triggers the EDHOC execution at the server, which replies with a | This triggers the EDHOC execution at the server, which replies with a | |||
2.04 (Changed) response. The response payload consists of EDHOC | 2.04 (Changed) response. The response payload consists of EDHOC | |||
message_2, which also includes the EDHOC connection identifier C_R of | message_2, which also includes the EDHOC connection identifier C_R of | |||
the server encoded as per Section 3.3 of [RFC9528]. The response has | the server encoded as per Section 3.3 of [RFC9528]. The response has | |||
Content-Format application/edhoc+cbor-seq. | Content-Format application/edhoc+cbor-seq. | |||
Finally, the client sends a POST request to the same EDHOC resource | Finally, the client sends a POST request to the same EDHOC resource | |||
used earlier when it sent EDHOC message_1. The request payload | used earlier when it sent EDHOC message_1. The request payload | |||
consists of the EDHOC connection identifier C_R encoded as per | consists of the EDHOC connection identifier C_R encoded as per | |||
Section 3.3 of [RFC9528], concatenated with EDHOC message_3. The | Section 3.3 of [RFC9528] concatenated with EDHOC message_3. The | |||
request has Content-Format application/cid-edhoc+cbor-seq. | request has Content-Format application/cid-edhoc+cbor-seq. | |||
After this exchange takes place, and after successful verifications | After this exchange takes place, and after successful verifications | |||
as specified in the EDHOC protocol, the client and server can derive | as specified in the EDHOC protocol, the client and server can derive | |||
an OSCORE Security Context, as defined in Appendix A.1 of [RFC9528]. | an OSCORE Security Context as defined in Appendix A.1 of [RFC9528]. | |||
After that, they can use OSCORE to protect their communications as | After that, the client and server can use OSCORE to protect their | |||
per [RFC8613]. Note that the EDHOC Connection Identifier C_R is used | communications as per [RFC8613]. Note that the EDHOC connection | |||
as the OSCORE Sender ID of the client (see Appendix A.1 of | identifier C_R is used as the OSCORE Sender ID of the client (see | |||
[RFC9528]). Therefore, C_R is transported in the 'kid' field of the | Appendix A.1 of [RFC9528]). Therefore, C_R is transported in the | |||
OSCORE Option of the OSCORE Request (see Section 6.1 of [RFC8613]). | 'kid' field of the OSCORE option of the OSCORE Request (see | |||
Section 6.1 of [RFC8613]). | ||||
The client and server are required to agree in advance on certain | The client and server are required to agree in advance on certain | |||
information and parameters describing how they should use EDHOC. | information and parameters describing how they should use EDHOC. | |||
These are specified in an application profile associated with the | These are specified in an application profile associated with the | |||
EDHOC resource addressed (see Section 3.9 of [RFC9528]. | EDHOC resource addressed (see Section 3.9 of [RFC9528]). | |||
CoAP client CoAP server | CoAP client CoAP server | |||
(EDHOC Initiator) (EDHOC Responder) | (EDHOC Initiator) (EDHOC Responder) | |||
| | | | | | |||
| | | | | | |||
| ----------------- EDHOC Request -----------------> | | | ----------------- EDHOC Request -----------------> | | |||
| Header: 0.02 (POST) | | | Header: 0.02 (POST) | | |||
| Uri-Path: "/.well-known/edhoc" | | | Uri-Path: "/.well-known/edhoc" | | |||
| Content-Format: application/cid-edhoc+cbor-seq | | | Content-Format: application/cid-edhoc+cbor-seq | | |||
| Payload: true, EDHOC message_1 | | | Payload: true, EDHOC message_1 | | |||
skipping to change at page 8, line 5 ¶ | skipping to change at line 268 ¶ | |||
| Header: 0.02 (POST) | | | Header: 0.02 (POST) | | |||
| OSCORE: { ... ; kid: C_R } | | | OSCORE: { ... ; kid: C_R } | | |||
| Payload: OSCORE-protected data | | | Payload: OSCORE-protected data | | |||
| | | | | | |||
| <--------------- OSCORE Response ----------------- | | | <--------------- OSCORE Response ----------------- | | |||
| Header: 2.04 (Changed) | | | Header: 2.04 (Changed) | | |||
| OSCORE: { ... } | | | OSCORE: { ... } | | |||
| Payload: OSCORE-protected data | | | Payload: OSCORE-protected data | | |||
| | | | | | |||
Figure 1: EDHOC and OSCORE run sequentially. The optional | Figure 1: Sequential Flow of EDHOC and OSCORE with the Optional | |||
message_4 is included in this example. | message_4 Included | |||
As shown in Figure 1, this sequential flow where EDHOC is run first | The sequential flow of EDHOC and OSCORE (where EDHOC runs first and | |||
and then OSCORE is used takes three round trips to complete. | OSCORE is used after) takes three round trips to complete, as shown | |||
in Figure 1. | ||||
Section 3 defines an optimization for combining EDHOC with the first | Section 3 defines an optimization for combining EDHOC with the first | |||
OSCORE transaction. This reduces the number of round trips required | OSCORE transaction. This reduces the number of round trips required | |||
to set up an OSCORE Security Context and to complete an OSCORE | to set up an OSCORE Security Context and complete an OSCORE | |||
transaction using that Security Context. | transaction using that Security Context. | |||
3. EDHOC Combined with OSCORE | 3. EDHOC Combined with OSCORE | |||
This section defines an optimization for combining the EDHOC message | This section defines an optimization for combining the EDHOC message | |||
exchange with the first OSCORE transaction, thus minimizing the | exchange with the first OSCORE transaction, thus minimizing the | |||
number of round trips between the two peers to the absolute possible | number of round trips between the two peers to the absolute possible | |||
minimum of two round trips. | minimum of two round trips. | |||
To this end, this approach can be used only if the default, forward | To this end, this approach can be used only if the default forward | |||
message flow of EDHOC is used, i.e., when the client acts as | message flow of EDHOC is used, i.e., when the client acts as | |||
Initiator and the server acts as Responder. The same is not possible | Initiator and the server acts as Responder. The same is not possible | |||
in the case with reversed roles as per the reverse message flow of | in the case with reversed roles as per the reverse message flow of | |||
EDHOC. | EDHOC. | |||
When running the sequential flow of Section 2, the client has all the | When running the sequential flow of Section 2, the client has all the | |||
information to derive the OSCORE Security Context already after | information to derive the OSCORE Security Context already after | |||
receiving EDHOC message_2 and before sending EDHOC message_3. | receiving EDHOC message_2 and before sending EDHOC message_3. | |||
Hence, the client can potentially send both EDHOC message_3 and the | Hence, the client can potentially send both EDHOC message_3 and the | |||
subsequent OSCORE Request at the same time. On a semantic level, | subsequent OSCORE Request at the same time. On a semantic level, | |||
this requires sending two REST requests at once, as in Figure 2. | this requires sending two REST requests at once as shown in Figure 2. | |||
CoAP client CoAP server | CoAP client CoAP server | |||
(EDHOC Initiator) (EDHOC Responder) | (EDHOC Initiator) (EDHOC Responder) | |||
| | | | | | |||
| ------------------ EDHOC Request -----------------> | | | ------------------ EDHOC Request -----------------> | | |||
| Header: 0.02 (POST) | | | Header: 0.02 (POST) | | |||
| Uri-Path: "/.well-known/edhoc" | | | Uri-Path: "/.well-known/edhoc" | | |||
| Content-Format: application/cid-edhoc+cbor-seq | | | Content-Format: application/cid-edhoc+cbor-seq | | |||
| Payload: true, EDHOC message_1 | | | Payload: true, EDHOC message_1 | | |||
| | | | | | |||
| <----------------- EDHOC Response------------------ | | | <----------------- EDHOC Response------------------ | | |||
| Header: Changed (2.04) | | | Header: 2.04 (Changed) | | |||
| Content-Format: application/edhoc+cbor-seq | | | Content-Format: application/edhoc+cbor-seq | | |||
| Payload: EDHOC message_2 | | | Payload: EDHOC message_2 | | |||
| | | | | | |||
EDHOC verification | | EDHOC verification | | |||
+ | | + | | |||
OSCORE Sec Ctx | | OSCORE Sec Ctx | | |||
Derivation | | Derivation | | |||
| | | | | | |||
| -------------- EDHOC + OSCORE Request ------------> | | | -------------- EDHOC + OSCORE Request ------------> | | |||
| Header: 0.02 (POST) | | | Header: 0.02 (POST) | | |||
skipping to change at page 9, line 40 ¶ | skipping to change at line 336 ¶ | |||
| + | | + | |||
| OSCORE Sec Ctx | | OSCORE Sec Ctx | |||
| Derivation | | Derivation | |||
| | | | | | |||
| <--------------- OSCORE Response ------------------ | | | <--------------- OSCORE Response ------------------ | | |||
| Header: 2.04 (Changed) | | | Header: 2.04 (Changed) | | |||
| OSCORE: { ... } | | | OSCORE: { ... } | | |||
| Payload: OSCORE-protected data | | | Payload: OSCORE-protected data | | |||
| | | | | | |||
Figure 2: EDHOC and OSCORE combined. | Figure 2: EDHOC and OSCORE Combined | |||
To this end, the specific approach defined in this section consists | To this end, the specific approach defined in this section consists | |||
of sending a single EDHOC + OSCORE request, which conveys the pair | of sending a single EDHOC + OSCORE request, which conveys the pair | |||
(C_R, EDHOC message_3) within an OSCORE-protected CoAP message. | (C_R, EDHOC message_3) within an OSCORE-protected CoAP message. | |||
That is, the EDHOC + OSCORE request is composed of the following two | That is, the EDHOC + OSCORE request is composed of the following two | |||
parts combined together in a single CoAP message. The steps for | parts combined together in a single CoAP message. The steps for | |||
processing the EDHOC + OSCORE request and the two parts combined in | processing the EDHOC + OSCORE request and the two parts combined in | |||
there are defined in Section 3.2.1 and Section 3.3.1. | the request itself are defined in Sections 3.2.1 and 3.3.1. | |||
* The OSCORE Request from Figure 1, which is also in this case sent | * The OSCORE Request from Figure 1, which, in this case, is also | |||
to a protected resource, with the correct CoAP method and options | sent to a protected resource with the correct CoAP method and | |||
intended for accessing that resource. | options intended for accessing that resource. | |||
* EDHOC data consisting of the pair (C_R, EDHOC message_3) required | * EDHOC data consisting of the pair (C_R, EDHOC message_3) required | |||
for completing the EDHOC session, transported as follows: | for completing the EDHOC session transported as follows: | |||
- C_R is the OSCORE Sender ID of the client and hence transported | - C_R is the OSCORE Sender ID of the client; hence, it is | |||
in the 'kid' field of the OSCORE Option (see Section 6.1 of | transported in the 'kid' field of the OSCORE option (see | |||
[RFC8613]). Unlike in the sequential workflow shown in | Section 6.1 of [RFC8613]). Unlike the sequential workflow | |||
Figure 1, C_R is thus not transported in the payload of the | shown in Figure 1, C_R is not transported in the payload of the | |||
EDHOC + OSCORE request. | EDHOC + OSCORE request. | |||
- EDHOC message_3 is transported in the payload of the EDHOC + | - EDHOC message_3 is transported in the payload of the EDHOC + | |||
OSCORE request, prepended to the payload of the OSCORE Request. | OSCORE request and prepended to the payload of the OSCORE | |||
This is because EDHOC message_3 may be too large to be included | Request. This is because EDHOC message_3 may be too large to | |||
in a CoAP Option, e.g., when conveying a large public key | be included in a CoAP option, e.g., when conveying a large | |||
certificate chain as ID_CRED_I (see Section 3.5.3 of [RFC9528]) | public key certificate chain in the ID_CRED_I field (see | |||
or when conveying large External Authorization Data as EAD_3 | Section 3.5.3 of [RFC9528]), or when conveying large External | |||
(see Section 3.8 of [RFC9528]). | Authorization Data in the EAD_3 field (see Section 3.8 of | |||
[RFC9528]). | ||||
The rest of this section specifies how to transport the data in the | The rest of this section specifies how to transport the data in the | |||
EDHOC + OSCORE request and their processing order. In particular, | EDHOC + OSCORE request and their processing order. In particular, | |||
the use of this approach is explicitly signalled by including an | the use of this approach is explicitly signalled by including an | |||
EDHOC Option (see Section 3.1) in the EDHOC + OSCORE request. The | EDHOC option (Section 3.1) in the EDHOC + OSCORE request. The | |||
processing of the EDHOC + OSCORE request is specified in Section 3.2 | processing of the EDHOC + OSCORE request is specified in Section 3.2 | |||
for the client side and in Section 3.3 for the server side. | for the client side and in Section 3.3 for the server side. | |||
3.1. EDHOC Option | 3.1. EDHOC Option | |||
This section defines the EDHOC Option. The option is used in a CoAP | This section defines the EDHOC option. This option is used in a CoAP | |||
request, to signal that the request payload conveys both an EDHOC | request to signal that the request payload conveys both an EDHOC | |||
message_3 and OSCORE-protected data, combined together. | message_3 and OSCORE-protected data combined together. | |||
The EDHOC Option has the properties summarized in Table 1, which | The EDHOC option has the properties summarized in Table 1, which | |||
extends Table 4 of [RFC7252]. The option is Critical, Safe-to- | extends Table 4 of [RFC7252]. The option is Critical, Safe-to- | |||
Forward, and part of the Cache-Key. The option MUST occur at most | Forward, and part of the Cache-Key. The option MUST occur at most | |||
once and MUST be empty. If any value is sent, the recipient MUST | once and MUST be empty. If any value is sent, the recipient MUST | |||
ignore it. (Future documents may update the definition of the | ignore it. (Future documents may update the definition of the option | |||
option, by expanding its semantics and specifying admitted values.) | by expanding its semantics and specifying admitted values.) The | |||
The option is intended only for CoAP requests and is of Class U for | option is intended only for CoAP requests and is of Class U for | |||
OSCORE [RFC8613]. | OSCORE [RFC8613]. | |||
+=====+===+===+===+===+=======+========+========+=========+ | +=====+===+===+===+===+=======+========+========+=========+ | |||
| No. | C | U | N | R | Name | Format | Length | Default | | | No. | C | U | N | R | Name | Format | Length | Default | | |||
+=====+===+===+===+===+=======+========+========+=========+ | +=====+===+===+===+===+=======+========+========+=========+ | |||
| 21 | x | | | | EDHOC | Empty | 0 | (none) | | | 21 | x | | | | EDHOC | Empty | 0 | (none) | | |||
+-----+---+---+---+---+-------+--------+--------+---------+ | +-----+---+---+---+---+-------+--------+--------+---------+ | |||
Table 1: The EDHOC Option. C=Critical, U=Unsafe, | Table 1: The EDHOC Option. C=Critical, U=Unsafe, | |||
N=NoCacheKey, R=Repeatable | N=NoCacheKey, R=Repeatable | |||
The presence of this option means that the message payload also | The presence of this option means that the message payload also | |||
contains EDHOC data, which must be extracted and processed as defined | contains EDHOC data that must be extracted and processed as defined | |||
in Section 3.3, before the rest of the message can be processed. | in Section 3.3 before the rest of the message can be processed. | |||
Figure 3 shows an example of a CoAP message transported over UDP and | Figure 3 shows an example of a CoAP message that is transported over | |||
containing both the EDHOC data and the OSCORE ciphertext, using the | UDP and that contains both the EDHOC data and the OSCORE ciphertext | |||
newly defined EDHOC option for signalling. | using the newly defined EDHOC option for signalling. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
|Ver| T | TKL | Code | Message ID | | |Ver| T | TKL | Code | Message ID | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Token (if any, TKL bytes) ... | | Token (if any, TKL bytes) ... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Observe Option| OSCORE Option ... | | Observe Option| OSCORE Option ... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| EDHOC Option | Other Options (if any) ... | | EDHOC Option | Other Options (if any) ... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
|1 1 1 1 1 1 1 1| Payload ... | |1 1 1 1 1 1 1 1| Payload ... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 3: Example of CoAP message transported over UDP, combining | Figure 3: Example of a CoAP Message Containing the Combined EDHOC | |||
EDHOC data and OSCORE data as signalled with the EDHOC Option. | and OSCORE Data, Signalled by the EDHOC Option and Transported | |||
over UDP | ||||
3.2. Client Processing | 3.2. Client Processing | |||
This section describes the processing on the client side. | This section describes the processing on the client side. | |||
3.2.1. Processing of the EDHOC + OSCORE Request | 3.2.1. Processing of the EDHOC + OSCORE Request | |||
The client prepares an EDHOC + OSCORE request as follows. | The client prepares an EDHOC + OSCORE request as follows. | |||
1. Compose EDHOC message_3 into EDHOC_MSG_3, as per Section 5.4.2 of | Step 1. Compose EDHOC message_3 into EDHOC_MSG_3 as per | |||
[RFC9528]. | Section 5.4.2 of [RFC9528]. | |||
2. Establish the new OSCORE Security Context and use it to encrypt | Step 2. Establish the new OSCORE Security Context and use it to | |||
the original CoAP request as per Section 8.1 of [RFC8613]. | encrypt the original CoAP request as per Section 8.1 of | |||
[RFC8613]. | ||||
Note that the OSCORE ciphertext is not computed over EDHOC | Note that the OSCORE ciphertext is not computed over EDHOC | |||
message_3, which is not protected by OSCORE. That is, the result | message_3, which is not protected by OSCORE. That is, the | |||
of this step is the OSCORE Request as in Figure 1. | result of this step is the OSCORE Request as in Figure 1. | |||
3. Build COMB_PAYLOAD as the concatenation of EDHOC_MSG_3 and | Step 3. Build COMB_PAYLOAD as the concatenation of EDHOC_MSG_3 and | |||
OSCORE_PAYLOAD in this order: COMB_PAYLOAD = EDHOC_MSG_3 | | OSCORE_PAYLOAD in the order of COMB_PAYLOAD = EDHOC_MSG_3 | | |||
OSCORE_PAYLOAD, where | denotes byte string concatenation and: | OSCORE_PAYLOAD, where | denotes byte string concatenation | |||
and: | ||||
* EDHOC_MSG_3 is the binary encoding of EDHOC message_3 | * EDHOC_MSG_3 is the binary encoding of EDHOC message_3 | |||
resulting from step 1. As per Section 5.4.1 of [RFC9528], | resulting from Step 1. As per Section 5.4.1 of | |||
EDHOC message_3 consists of one CBOR data item CIPHERTEXT_3, | [RFC9528], EDHOC message_3 consists of one CBOR data item | |||
which is a CBOR byte string. Therefore, EDHOC_MSG_3 is the | CIPHERTEXT_3, which is a CBOR byte string. Therefore, | |||
binary encoding of CIPHERTEXT_3. | EDHOC_MSG_3 is the binary encoding of CIPHERTEXT_3. | |||
* OSCORE_PAYLOAD is the OSCORE ciphertext of the OSCORE- | * OSCORE_PAYLOAD is the OSCORE ciphertext of the OSCORE- | |||
protected CoAP request resulting from step 2. | protected CoAP request resulting from Step 2. | |||
4. Compose the EDHOC + OSCORE request, as the OSCORE-protected CoAP | Step 4. Compose the EDHOC + OSCORE request, as the OSCORE-protected | |||
request resulting from step 2, where the payload is replaced with | CoAP request resulting from Step 2, where the payload is | |||
COMB_PAYLOAD built at step 3. | replaced with COMB_PAYLOAD built at Step 3. | |||
Note that the new payload includes EDHOC message_3, but it does | Note that the new payload includes EDHOC message_3, but it | |||
not include the EDHOC connection identifier C_R. As the client | does not include the EDHOC connection identifier C_R. As | |||
is the EDHOC Initiator, C_R is the OSCORE Sender ID of the | the client is the EDHOC Initiator, C_R is the OSCORE Sender | |||
client, which is already specified as 'kid' in the OSCORE Option | ID of the client, which is already specified as the value of | |||
of the request from step 2, hence of the EDHOC + OSCORE request. | the 'kid' field in the OSCORE option of the request from | |||
Step 2; hence, C_R is specified as the value of the 'kid' | ||||
field of the EDHOC + OSCORE request. | ||||
5. Include the new EDHOC Option defined in Section 3.1 into the | Step 5. Include the new EDHOC option defined in Section 3.1 into the | |||
EDHOC + OSCORE request. | EDHOC + OSCORE request. | |||
The application/cid-edhoc+cbor-seq media type does not apply to | The application/cid-edhoc+cbor-seq media type does not apply | |||
this message, whose media type is unnamed. | to this message, whose media type is unnamed. | |||
6. Send the EDHOC + OSCORE request to the server. | Step 6. Send the EDHOC + OSCORE request to the server. | |||
With the same server, the client SHOULD NOT have multiple | With the same server, the client SHOULD NOT have multiple | |||
simultaneous outstanding interactions (see Section 4.7 of [RFC7252]) | simultaneous outstanding interactions (see Section 4.7 of [RFC7252]), | |||
such that: they consist of an EDHOC + OSCORE request; and their EDHOC | such that they consist of an EDHOC + OSCORE request and their EDHOC | |||
data pertain to the EDHOC session with the same connection identifier | data pertains to the EDHOC session with the same connection | |||
C_R. | identifier C_R. | |||
(An exception might apply for clients that operate under particular | An exception might apply for clients that operate under particular | |||
time constraints over particularly unreliable networks, thus raising | time constraints over particularly unreliable networks, thus raising | |||
the chances to promptly complete the EDHOC execution with the server | the chances to promptly complete the EDHOC execution with the server | |||
through multiple, simultaneous EDHOC + OSCORE requests. As discussed | through multiple simultaneous EDHOC + OSCORE requests. As discussed | |||
in Section 7, this does not have any impact in terms of security.) | in Section 7, this does not have any impact in terms of security. | |||
3.2.2. Supporting Block-wise | 3.2.2. Supporting Block-Wise Transfers | |||
If Block-wise [RFC7959] is supported, the client may fragment the | If Block-wise transfers [RFC7959] are supported, the client may | |||
first application CoAP request before protecting it as an original | fragment the first CoAP application request before protecting it as | |||
message with OSCORE, as defined in Section 4.1.3.4.1 of [RFC8613]. | an original message with OSCORE as defined in Section 4.1.3.4.1 of | |||
[RFC8613]. | ||||
In such a case, the OSCORE processing in step 2 of Section 3.2.1 is | In such a case, the OSCORE processing in Step 2 of Section 3.2.1 is | |||
performed on each inner block of the first application CoAP request, | performed on each inner block of the first CoAP application request. | |||
and the following also applies. | The following also applies. | |||
* The client takes the additional following step between steps 2 and | * The client takes the following additional step between Steps 2 and | |||
3 of Section 3.2.1. | 3 of Section 3.2.1. | |||
A. If the OSCORE-protected request from step 2 conveys a non- | Step 2.1. If the OSCORE-protected request from Step 2 conveys a | |||
first inner block of the first application CoAP request (i.e., the | non-first inner block of the first CoAP application | |||
Block1 Option processed at step 2 had NUM different than 0), then | request (i.e., the Block1 option processed at Step 2 had | |||
the client skips the following steps and sends the OSCORE- | NUM different than 0), then the client skips the | |||
protected request to the server. In particular, the client MUST | following steps and sends the OSCORE-protected request | |||
NOT include the EDHOC Option in the OSCORE-protected request. | to the server. In particular, the client MUST NOT | |||
include the EDHOC option in the OSCORE-protected | ||||
request. | ||||
* The client takes the additional following step between steps 3 and | * The client takes the following additional step between Steps 3 and | |||
4 of Section 3.2.1. | 4 of Section 3.2.1. | |||
B. If the size of COMB_PAYLOAD exceeds MAX_UNFRAGMENTED_SIZE (see | Step 3.1. If the size of COMB_PAYLOAD exceeds | |||
Section 4.1.3.4.2 of [RFC8613]), the client MUST stop processing | MAX_UNFRAGMENTED_SIZE (see Section 4.1.3.4.2 of | |||
the request and MUST abandon the Block-wise transfer. Then, the | [RFC8613]), the client MUST stop processing the request | |||
client can continue by switching to the sequential workflow shown | and MUST abandon the Block-wise transfer. Then, the | |||
in Figure 1. That is, the client first sends EDHOC message_3 | client can continue by switching to the sequential | |||
prepended by the EDHOC Connection Identifier C_R encoded as per | workflow shown in Figure 1. That is, the client first | |||
Section 3.3 of [RFC9528], and then sends the OSCORE-protected CoAP | sends EDHOC message_3 prepended by the EDHOC connection | |||
request once the EDHOC execution is completed. | identifier C_R encoded as per Section 3.3 of [RFC9528]. | |||
Then, the client sends the OSCORE-protected CoAP request | ||||
once the EDHOC execution is completed. | ||||
The performance advantage of using the EDHOC + OSCORE request can be | The performance advantage of using the EDHOC + OSCORE request can be | |||
lost when used in combination with Block-wise transfers that rely on | lost when used in combination with Block-wise transfers that rely on | |||
specific parameter values and block sizes. Application policies at | specific parameter values and block sizes. Application policies at | |||
the CoAP client can define when and how to detect whether the | the CoAP client can define when and how to detect whether the | |||
performance advantage is lost, and, if that is the case, whether to | performance advantage is lost. If that is the case, they can also | |||
appropriately adjust the parameter values and block sizes, or instead | define whether to appropriately adjust the parameter values and block | |||
to fall back on the sequential workflow of EDHOC. | sizes or to fall back on the sequential workflow of EDHOC. | |||
3.3. Server Processing | 3.3. Server Processing | |||
This section describes the processing on the server side. | This section describes the processing on the server side. | |||
3.3.1. Processing of the EDHOC + OSCORE Request | 3.3.1. Processing of the EDHOC + OSCORE Request | |||
In order to process a request containing the EDHOC option, i.e., an | In order to process a request containing the EDHOC option, i.e., an | |||
EDHOC + OSCORE request, the server MUST perform the following steps. | EDHOC + OSCORE request, the server MUST perform the following steps. | |||
1. Check that the EDHOC + OSCORE request includes the OSCORE option | Step 1. Check that the EDHOC + OSCORE request includes the OSCORE | |||
and that the request payload has the format defined at step 3 of | option and that the request payload has the format defined | |||
Section 3.2.1 for COMB_PAYLOAD. If this is not the case, the | at Step 3 of Section 3.2.1 for COMB_PAYLOAD. If this is not | |||
server MUST stop processing the request and MUST reply with a | the case, the server MUST stop processing the request and | |||
4.00 (Bad Request) error response. | MUST reply with a 4.00 (Bad Request) error response. | |||
2. Extract EDHOC message_3 from the payload COMB_PAYLOAD of the | Step 2. Extract EDHOC message_3 from the payload COMB_PAYLOAD of the | |||
EDHOC + OSCORE request, as the first element EDHOC_MSG_3 (see | EDHOC + OSCORE request as the first element EDHOC_MSG_3 (see | |||
step 3 of Section 3.2.1). | Step 3 of Section 3.2.1). | |||
3. Take the value of 'kid' from the OSCORE option of the EDHOC + | Step 3. Take the value of the 'kid' field from the OSCORE option of | |||
OSCORE request (i.e., the OSCORE Sender ID of the client), and | the EDHOC + OSCORE request (i.e., the OSCORE Sender ID of | |||
use it as the EDHOC connection identifier C_R. | the client), and use it as the EDHOC connection identifier | |||
C_R. | ||||
4. Retrieve the correct EDHOC session by using the connection | Step 4. Retrieve the correct EDHOC session by using the connection | |||
identifier C_R from step 3. | identifier C_R from Step 3. | |||
If the application profile used in the EDHOC session specifies | If the application profile used in the EDHOC session | |||
that EDHOC message_4 shall be sent, the server MUST stop the | specifies that EDHOC message_4 shall be sent, the server | |||
EDHOC processing and consider it failed, as due to a client | MUST stop the EDHOC processing and consider it failed due to | |||
error. | a client error. | |||
Otherwise, perform the EDHOC processing on the EDHOC message_3 | Otherwise, perform the EDHOC processing on the EDHOC | |||
extracted at step 2 as per Section 5.4.3 of [RFC9528], based on | message_3 extracted at Step 2 as per Section 5.4.3 of | |||
the protocol state of the retrieved EDHOC session. | [RFC9528] based on the protocol state of the retrieved EDHOC | |||
session. | ||||
The application profile used in the EDHOC session is the same one | The application profile used in the EDHOC session is the | |||
associated with the EDHOC resource where the server received the | same one associated with the EDHOC resource where the server | |||
request conveying EDHOC message_1 that started the session. This | received the request conveying EDHOC message_1 that started | |||
is relevant in case the server provides multiple EDHOC resources, | the session. This is relevant in case the server provides | |||
which may generally refer to different application profiles. | multiple EDHOC resources that may generally refer to | |||
different application profiles. | ||||
5. Establish a new OSCORE Security Context associated with the | Step 5. Establish a new OSCORE Security Context associated with the | |||
client as per Appendix A.1 of [RFC9528], using the EDHOC output | client as per Appendix A.1 of [RFC9528] using the EDHOC | |||
from step 4. | output from Step 4. | |||
6. Extract the OSCORE ciphertext from the payload COMB_PAYLOAD of | Step 6. Extract the OSCORE ciphertext from the payload COMB_PAYLOAD | |||
the EDHOC + OSCORE request, as the second element OSCORE_PAYLOAD | of the EDHOC + OSCORE request as the second element | |||
(see step 3 of Section 3.2.1). | OSCORE_PAYLOAD (see Step 3 of Section 3.2.1). | |||
7. Rebuild the OSCORE-protected CoAP request, as the EDHOC + OSCORE | Step 7. Rebuild the OSCORE-protected CoAP request as the EDHOC + | |||
request where the payload is replaced with the OSCORE ciphertext | OSCORE request, where the payload is replaced with the | |||
extracted at step 6. Then, remove the EDHOC option. | OSCORE ciphertext extracted at Step 6. Then, remove the | |||
EDHOC option. | ||||
8. Decrypt and verify the OSCORE-protected CoAP request rebuilt at | Step 8. Decrypt and verify the OSCORE-protected CoAP request rebuilt | |||
step 7, as per Section 8.2 of [RFC8613], by using the OSCORE | at Step 7 as per Section 8.2 of [RFC8613] by using the | |||
Security Context established at step 5. | OSCORE Security Context established at Step 5. | |||
When the decrypted request is checked for any critical CoAP | When the decrypted request is checked for any critical CoAP | |||
options (as it is during regular CoAP processing), the presence | options (as it is during regular CoAP processing), the | |||
of an EDHOC option MUST be regarded as an unprocessed critical | presence of an EDHOC option MUST be regarded as an | |||
option, unless it is processed by some further mechanism. | unprocessed critical option unless it is processed by some | |||
further mechanism. | ||||
9. Deliver the CoAP request resulting from step 8 to the | Step 9. Deliver the CoAP request resulting from Step 8 to the | |||
application. | application. | |||
If steps 4 (EDHOC processing) and 8 (OSCORE processing) are both | If Steps 4 (EDHOC processing) and 8 (OSCORE processing) are both | |||
successfully completed, the server MUST reply with an OSCORE- | successfully completed, the server MUST reply with an OSCORE- | |||
protected response (see Section 5.4.3 of [RFC9528]). The usage of | protected response (see Section 5.4.3 of [RFC9528]). The usage of | |||
EDHOC message_4 as defined in Section 5.5 of [RFC9528] is not | EDHOC message_4 as defined in Section 5.5 of [RFC9528] is not | |||
applicable to the approach defined in this document. | applicable to the approach defined in this document. | |||
If step 4 (EDHOC processing) fails, the server aborts the session as | If Step 4 (EDHOC processing) fails, the server aborts the session as | |||
per Section 5.4.3 of [RFC9528] and responds with an EDHOC error | per Section 5.4.3 of [RFC9528] and responds with an EDHOC error | |||
message with error code 1, formatted as defined in Section 6.2 of | message with error code 1, which is formatted as defined in | |||
[RFC9528]. The server MUST NOT establish a new OSCORE Security | Section 6.2 of [RFC9528]. The server MUST NOT establish a new OSCORE | |||
Context from the present EDHOC session with the client. The CoAP | Security Context from the present EDHOC session with the client. The | |||
response conveying the EDHOC error message is not protected with | CoAP response conveying the EDHOC error message is not protected with | |||
OSCORE. As per Section 9.5 of [RFC9528], the server has to make sure | OSCORE. As per Section 9.5 of [RFC9528], the server has to make sure | |||
that the error message does not reveal sensitive information. The | that the error message does not reveal sensitive information. The | |||
CoAP response conveying the EDHOC error message MUST have Content- | CoAP response conveying the EDHOC error message MUST have Content- | |||
Format set to application/edhoc+cbor-seq registered in Section 10.9 | Format set to application/edhoc+cbor-seq registered in Section 10.9 | |||
of [RFC9528]. | of [RFC9528]. | |||
If step 4 (EDHOC processing) is successfully completed but step 8 | If Step 4 (EDHOC processing) is successfully completed but Step 8 | |||
(OSCORE processing) fails, the same OSCORE error handling as defined | (OSCORE processing) fails, the same OSCORE error handling as defined | |||
in Section 8.2 of [RFC8613] applies. | in Section 8.2 of [RFC8613] applies. | |||
3.3.2. Supporting Block-wise | 3.3.2. Supporting Block-Wise Transfers | |||
If Block-wise [RFC7959] is supported, the server takes the additional | If Block-wise transfers [RFC7959] are supported, the server takes the | |||
following step before any other in Section 3.3.1. | additional following step before any other in Section 3.3.1. | |||
A. If Block-wise is present in the request, then process the Outer | Step 0. If a Block option is present in the request, then process | |||
Block options according to [RFC7959], until all blocks of the request | the Outer Block options according to [RFC7959] until all | |||
have been received (see Section 4.1.3.4 of [RFC8613]). | blocks of the request have been received (see | |||
Section 4.1.3.4 of [RFC8613]). | ||||
3.4. Example of EDHOC + OSCORE Request | 3.4. Example of the EDHOC + OSCORE Request | |||
Figure 4 shows an example of EDHOC + OSCORE Request transported over | Figure 4 shows an example of an EDHOC + OSCORE request transported | |||
UDP. In particular, the example assumes that: | over UDP. In particular, the example assumes that: | |||
* The OSCORE Partial IV in use is 0, consistently with the first | * The OSCORE Partial IV in use is 0 consistently with the first | |||
request protected with the new OSCORE Security Context. | request protected with the new OSCORE Security Context. | |||
* The OSCORE Sender ID of the client is 0x01. | * The OSCORE Sender ID of the client is 0x01. | |||
As per Section 3.3.3 of [RFC9528], this straightforwardly | As per Section 3.3.3 of [RFC9528], this straightforwardly | |||
corresponds to the EDHOC connection identifier C_R 0x01. | corresponds to the EDHOC connection identifier C_R 0x01. | |||
As per Section 3.3.2 of [RFC9528], when using the sequential flow | As per Section 3.3.2 of [RFC9528], when using the sequential flow | |||
shown in Figure 1, the same C_R with value 0x01 would be encoded | shown in Figure 1, the same C_R with a value of 0x01 would be | |||
on the wire as the CBOR integer 1 (0x01 in CBOR encoding), and | encoded on the wire as the CBOR integer 1 (0x01 in CBOR encoding) | |||
prepended to EDHOC message_3 in the payload of the second EDHOC | and prepended to EDHOC message_3 in the payload of the second | |||
request. | EDHOC request. | |||
* The EDHOC option is registered with CoAP option number 21. | ||||
Note to RFC Editor: Please delete the last bullet point in the | ||||
previous list, since, at the time of publication, the CoAP option | ||||
number will be in fact registered. | ||||
This results in the following components shown in Figure 4: | This results in the following components shown in Figure 4: | |||
* OSCORE option value: 0x090001 (3 bytes) | OSCORE option value: 0x090001 (3 bytes) | |||
* EDHOC option value: - (0 bytes) | ||||
* EDHOC message_3: 0x52d5535f3147e85f1cfacd9e78abf9e0a81bbf (19 | EDHOC option value: - (0 bytes) | |||
bytes) | ||||
* OSCORE ciphertext: 0x612f1092f1776f1c1668b3825e (13 bytes) | EDHOC message_3: 0x52d5535f3147e85f1cfacd9e78abf9e0a81bbf (19 bytes) | |||
Protected CoAP request (OSCORE message): | OSCORE ciphertext: 0x612f1092f1776f1c1668b3825e (13 bytes) | |||
0x44025d1f ; CoAP 4-byte header | 0x44025d1f ; CoAP 4-byte Header | |||
00003974 ; Token | 00003974 ; Token | |||
93 090001 ; OSCORE Option | 93 090001 ; OSCORE Option | |||
c0 ; EDHOC Option | c0 ; EDHOC Option | |||
ff 52d5535f3147e85f1cfacd9e78abf9e0a81bbf | ff 52d5535f3147e85f1cfacd9e78abf9e0a81bbf | |||
612f1092f1776f1c1668b3825e | 612f1092f1776f1c1668b3825e | |||
(46 bytes) | (46 bytes) | |||
Figure 4: Example of CoAP message transported over UDP, combining | Figure 4: Example of a Protected CoAP Request Combining EDHOC and | |||
EDHOC data and OSCORE data as signalled with the EDHOC Option. | OSCORE Data | |||
4. Use of EDHOC Connection Identifiers with OSCORE | 4. Use of EDHOC Connection Identifiers with OSCORE | |||
The OSCORE Sender/Recipient IDs are the EDHOC connection identifiers | The OSCORE Sender/Recipient IDs are the EDHOC connection identifiers | |||
(see Section 3.3.3 of [RFC9528]). This applies also to the optimized | (see Section 3.3.3 of [RFC9528]). This applies also to the optimized | |||
workflow defined in Section 3 of this document. | workflow defined in Section 3 of this document. | |||
Note that, at step 3 of Section 3.3.1, the value of 'kid' in the | Note that the value of the 'kid' field in the OSCORE option of the | |||
OSCORE Option of the EDHOC + OSCORE request is both the server's | EDHOC + OSCORE request is both the server's Recipient ID (i.e., the | |||
Recipient ID (i.e., the client's Sender ID) and the EDHOC Connection | client's Sender ID) and the EDHOC connection identifier C_R of the | |||
Identifier C_R of the server. | server at Step 3 of Section 3.3.1. | |||
4.1. Additional Processing of EDHOC Messages | 4.1. Additional Processing of EDHOC Messages | |||
When using EDHOC to establish an OSCORE Security Context, the client | When using EDHOC to establish an OSCORE Security Context, the client | |||
and server MUST perform the following additional steps during an | and server MUST perform the following additional steps during an | |||
EDHOC execution, thus extending Section 5 of [RFC9528]. | EDHOC execution, thus extending Section 5 of [RFC9528]. | |||
4.1.1. Initiator Processing of Message 1 | 4.1.1. Initiator Processing of Message 1 | |||
The Initiator selects an EDHOC Connection Identifier C_I as follows. | The Initiator selects an EDHOC connection identifier C_I as follows. | |||
The Initiator MUST choose a C_I that is neither used in any current | The Initiator MUST choose a C_I that is neither used in any current | |||
EDHOC session as this peer's EDHOC Connection Identifier, nor the | EDHOC session as this peer's EDHOC connection identifier nor the | |||
Recipient ID in a current OSCORE Security Context where the ID | Recipient ID in a current OSCORE Security Context where the ID | |||
Context is not present. | Context is not present. | |||
The chosen C_I SHOULD NOT be the Recipient ID of any current OSCORE | The chosen C_I SHOULD NOT be the Recipient ID of any current OSCORE | |||
Security Context. Note that, unless the two peers concurrently use | Security Context. Note that, unless the two peers concurrently use | |||
alternative methods to establish OSCORE Security Contexts, this | alternative methods to establish OSCORE Security Contexts, this | |||
allows the Responder to always omit the 'kid context' in the OSCORE | allows the Responder to always omit the 'kid context' in the OSCORE | |||
Option of its messages sent to the Initiator, when protecting those | option of its messages sent to the Initiator when protecting those | |||
with an OSCORE Security Context where C_I is the Responder's OSCORE | with an OSCORE Security Context where C_I is the Responder's OSCORE | |||
Sender ID (see Section 6.1 of [RFC8613]). | Sender ID (see Section 6.1 of [RFC8613]). | |||
4.1.2. Responder Processing of Message 2 | 4.1.2. Responder Processing of Message 2 | |||
The Responder selects an EDHOC Connection Identifier C_R as follows. | The Responder selects an EDHOC connection identifier C_R as follows. | |||
The Responder MUST choose a C_R that is neither used in any current | The Responder MUST choose a C_R that is none of the following: | |||
EDHOC session as this peer's EDHOC Connection Identifier, nor is | ||||
equal to the EDHOC Connection Identifier C_I specified in the EDHOC | * used in any current EDHOC session as this peer's EDHOC connection | |||
message_1 of the present EDHOC session, nor is the Recipient ID in a | identifier, | |||
current OSCORE Security Context where the ID Context is not present. | ||||
* equal to the EDHOC connection identifier C_I specified in the | ||||
EDHOC message_1 of the present EDHOC session, or | ||||
* the Recipient ID in a current OSCORE Security Context where the ID | ||||
Context is not present. | ||||
The chosen C_R SHOULD NOT be the Recipient ID of any current OSCORE | The chosen C_R SHOULD NOT be the Recipient ID of any current OSCORE | |||
Security Context. Note that, for a reason analogous to the one given | Security Context. Note that, for a reason analogous to the one given | |||
above with C_I, this allows the Initiator to always omit the 'kid | in Section 4.1.1 with C_I, this allows the Initiator to always omit | |||
context' in the OSCORE Option of its messages sent to the Responder, | the 'kid context' in the OSCORE option of its messages sent to the | |||
when protecting those with an OSCORE Security Context where C_R is | Responder when protecting those with an OSCORE Security Context where | |||
the Initiator's OSCORE Sender ID (see Section 6.1 of [RFC8613]). | C_R is the Initiator's OSCORE Sender ID (see Section 6.1 of | |||
[RFC8613]). | ||||
4.1.3. Initiator Processing of Message 2 | 4.1.3. Initiator Processing of Message 2 | |||
If the EDHOC Connection Identifier C_I is equal to the EDHOC | If the EDHOC connection identifier C_I is equal to the EDHOC | |||
Connection Identifier C_R specified in EDHOC message_2, then the | connection identifier C_R specified in EDHOC message_2, then the | |||
Initiator MUST abort the session and reply with an EDHOC error | Initiator MUST abort the session and reply with an EDHOC error | |||
message with error code 1, formatted as defined in Section 6.2 of | message with error code 1 formatted as defined in Section 6.2 of | |||
[RFC9528]. | [RFC9528]. | |||
5. Extension and Consistency of Application Profiles | 5. Extension and Consistency of Application Profiles | |||
It is possible to include the information below in the application | It is possible to include the information below in the application | |||
profile referred by the client and server, according to the specified | profile referred by the client and server according to the specified | |||
consistency rules. | consistency rules. | |||
If the server supports the EDHOC + OSCORE request within an EDHOC | If the server supports the EDHOC + OSCORE request within an EDHOC | |||
execution started at a certain EDHOC resource, then the application | execution started at a certain EDHOC resource, then the application | |||
profile associated with that resource SHOULD explicitly specify | profile associated with that resource SHOULD explicitly specify | |||
support for the EDHOC + OSCORE request. | support for the EDHOC + OSCORE request. | |||
In case the application profile indicates that the server supports | In the case where the application profile indicates that the server | |||
the optional EDHOC message_4 (see Section 5.5 of [RFC9528]), it is | supports the optional EDHOC message_4 (see Section 5.5 of [RFC9528]), | |||
still possible to use the optimized workflow based on the EDHOC + | it is still possible to use the optimized workflow based on the EDHOC | |||
OSCORE request. However, this means the server is not going to send | + OSCORE request. However, this means that the server is not going | |||
EDHOC message_4, since it is not applicable to the optimized workflow | to send EDHOC message_4 since it is not applicable to the optimized | |||
(see Section 3.3.1). | workflow (see Section 3.3.1). | |||
Also, in case the application profile indicates that the server shall | Also, in the case where the application profile indicates that the | |||
send EDHOC message_4, then the application profile MUST NOT specify | server shall send EDHOC message_4, the application profile MUST NOT | |||
support for the EDHOC + OSCORE request, and there is no point for the | specify support for the EDHOC + OSCORE request. There is no point | |||
client to use the optimized workflow, which is bound to fail (see | for the client to use the optimized workflow that is bound to fail | |||
Section 3.3.1). | (see Section 3.3.1). | |||
6. Web Linking | 6. Web Linking | |||
Section 10.10 of [RFC9528] registers the resource type "core.edhoc", | Section 10.10 of [RFC9528] registers the resource type "core.edhoc", | |||
which can be used as target attribute in a web link [RFC8288] to an | which can be used as target attribute in a web link [RFC8288] to an | |||
EDHOC resource, e.g., using a link-format document [RFC6690]. This | EDHOC resource, e.g., using a link-format document [RFC6690]. This | |||
enables clients to discover the presence of EDHOC resources at a | enables clients to discover the presence of EDHOC resources at a | |||
server, possibly using the resource type as filter criterion. | server, possibly using the resource type as a filter criterion. | |||
At the same time, the application profile associated with an EDHOC | At the same time, the application profile associated with an EDHOC | |||
resource provides information describing how the EDHOC protocol can | resource provides information describing how the EDHOC protocol can | |||
be used through that resource. A client may become aware of the | be used through that resource. A client may become aware of the | |||
application profile, e.g., by obtaining its information elements upon | application profile, e.g., by obtaining its information elements upon | |||
discovering the EDHOC resources at the server. This allows the | discovering the EDHOC resources at the server. This allows the | |||
client to discover especially the EDHOC resources whose associated | client to discover the EDHOC resources whose associated application | |||
application profile denotes a way of using EDHOC which is most | profile denotes a way of using EDHOC that is most suitable to the | |||
suitable to the client, e.g., with EDHOC cipher suites or | client, e.g., with EDHOC cipher suites or authentication methods that | |||
authentication methods that the client also supports or prefers. | the client also supports or prefers. | |||
That is, while discovering an EDHOC resource, a client can | That is, while discovering an EDHOC resource, a client can | |||
contextually obtain relevant pieces of information from the | contextually obtain relevant pieces of information from the | |||
application profile associated with that resource. The resource | application profile associated with that resource. The resource | |||
discovery can occur by means of a direct interaction with the server, | discovery can occur by means of a direct interaction with the server | |||
or instead by means of the CoRE Resource Directory [RFC9176], where | or by means of the CoRE Resource Directory [RFC9176] where the server | |||
the server may have registered the links to its resources. | may have registered the links to its resources. | |||
In order to enable the above, this section defines a number of | In order to enable the above, this section defines a number of | |||
parameters, each of which can be optionally specified as a target | parameters, each of which can be optionally specified as a target | |||
attribute with the same name in the link to the respective EDHOC | attribute with the same name in the link to the respective EDHOC | |||
resource, or as filter criteria in a discovery request from the | resource or as filter criterion in a discovery request from the | |||
client. When specifying these parameters in a link to an EDHOC | client. When specifying these parameters in a link to an EDHOC | |||
resource, the target attribute rt="core.edhoc" MUST be included, and | resource, the target attribute rt="core.edhoc" MUST be included and | |||
the same consistency rules defined in Section 5 for the corresponding | the same consistency rules defined in Section 5 for the corresponding | |||
information elements of an application profile MUST be followed. | information elements of an application profile MUST be followed. | |||
The following parameters are defined. | The following parameters are defined. | |||
* 'ed-i', specifying, if present, that the server supports the EDHOC | 'ed-i': If present, specifies that the server supports the EDHOC | |||
Initiator role, hence the reverse message flow of EDHOC. A value | Initiator role, hence the reverse message flow of EDHOC. A value | |||
MUST NOT be given to this parameter and any present value MUST be | MUST NOT be given to this parameter and any present value MUST be | |||
ignored by the recipient. | ignored by the recipient. | |||
* 'ed-r', specifying, if present, that the server supports the EDHOC | 'ed-r': If present, specifies that the server supports the EDHOC | |||
Responder role, hence the forward message flow of EDHOC. A value | Responder role, hence the forward message flow of EDHOC. A value | |||
MUST NOT be given to this parameter and any present value MUST be | MUST NOT be given to this parameter and any present value MUST be | |||
ignored by the recipient. | ignored by the recipient. | |||
* 'ed-method', specifying an authentication method supported by the | 'ed-method': Specifies an authentication method supported by the | |||
server. This parameter MUST specify a single value, which is | server. This parameter MUST specify a single value, which is | |||
taken from the 'Value' column of the "EDHOC Method Type" registry | taken from the 'Value' column of the "EDHOC Method Type" registry | |||
defined in Section 10.3 of [RFC9528]. This parameter MAY occur | defined in Section 10.3 of [RFC9528]. This parameter MAY occur | |||
multiple times, with each occurrence specifying an authentication | multiple times, with each occurrence specifying an authentication | |||
method. | method. | |||
* 'ed-csuite', specifying an EDHOC cipher suite supported by the | 'ed-csuite': Specifies an EDHOC cipher suite supported by the | |||
server. This parameter MUST specify a single value, which is | server. This parameter MUST specify a single value, which is | |||
taken from the 'Value' column of the "EDHOC Cipher Suites" | taken from the 'Value' column of the "EDHOC Cipher Suites" | |||
registry defined in Section 10.2 of [RFC9528]. This parameter MAY | registry defined in Section 10.2 of [RFC9528]. This parameter MAY | |||
occur multiple times, with each occurrence specifying a cipher | occur multiple times, with each occurrence specifying a cipher | |||
suite. | suite. | |||
* 'ed-cred-t', specifying a type of authentication credential | 'ed-cred-t': Specifies a type of authentication credential supported | |||
supported by the server. This parameter MUST specify a single | by the server. This parameter MUST specify a single value, which | |||
value, which is taken from the 'Value' column of the "EDHOC | is taken from the 'Value' column of the "EDHOC Authentication | |||
Authentication Credential Types" Registry defined in Section 8.3 | Credential Types" Registry defined in Section 8.3 of this | |||
of this document. This parameter MAY occur multiple times, with | document. This parameter MAY occur multiple times, with each | |||
each occurrence specifying a type of authentication credential. | occurrence specifying a type of authentication credential. | |||
* 'ed-idcred-t', specifying a type of identifier supported by the | 'ed-idcred-t': Specifies a type of identifier supported by the | |||
server for identifying authentication credentials. This parameter | server for identifying authentication credentials. This parameter | |||
MUST specify a single value, which is taken from the 'Label' | MUST specify a single value, which is taken from the 'Label' | |||
column of the "COSE Header Parameters" registry | column of the "COSE Header Parameters" registry | |||
[COSE.Header.Parameters]. This parameter MAY occur multiple | [COSE.Header.Parameters]. This parameter MAY occur multiple | |||
times, with each occurrence specifying a type of identifier for | times, with each occurrence specifying a type of identifier for | |||
authentication credentials. | authentication credentials. | |||
Note that the values in the 'Label' column of the "COSE Header | Note that the values in the 'Label' column of the "COSE Header | |||
Parameters" registry are strongly typed. On the contrary, Link | Parameters" registry are strongly typed. On the contrary, CoRE | |||
Format is weakly typed and thus does not distinguish between, for | Link Format is weakly typed; thus, it does not distinguish | |||
instance, the string value "-10" and the integer value -10. Thus, | between, for instance, the string value "-10" and the integer | |||
if responses in Link Format are returned, string values which look | value -10. Therefore, if responses in CoRE Link Format are | |||
like an integer are not supported. Therefore, such values MUST | returned, string values that look like an integer are not | |||
NOT be used in the 'ed-idcred-t' parameter. | supported. Thus, such values MUST NOT be used in the 'ed-idcred- | |||
t' parameter. | ||||
* 'ed-ead', specifying the support of the server for an External | 'ed-ead': Specifies the support of the server for an External | |||
Authorization Data (EAD) item (see Section 3.8 of [RFC9528]). | Authorization Data (EAD) item (see Section 3.8 of [RFC9528]). | |||
This parameter MUST specify a single value, which is taken from | This parameter MUST specify a single value, which is taken from | |||
the 'Label' column of the "EDHOC External Authorization Data" | the 'Label' column of the "EDHOC External Authorization Data" | |||
registry defined in Section 10.5 of [RFC9528]. This parameter MAY | registry defined in Section 10.5 of [RFC9528]. This parameter MAY | |||
occur multiple times, with each occurrence specifying the | occur multiple times, with each occurrence specifying the | |||
ead_label of an EAD item that the server supports. | ead_label of an EAD item that the server supports. | |||
* 'ed-comb-req', specifying, if present, that the server supports | 'ed-comb-req': If present, specifies that the server supports the | |||
the EDHOC + OSCORE request defined in Section 3. A value MUST NOT | EDHOC + OSCORE request defined in Section 3. A value MUST NOT be | |||
be given to this parameter and any present value MUST be ignored | given to this parameter and any present value MUST be ignored by | |||
by the recipient. | the recipient. | |||
(Future documents may update the definition of the parameters 'ed-i', | Future documents may update the definition of the parameters 'ed-i', | |||
'ed-r', and 'ed-comb-req', by expanding their semantics and | 'ed-r', and 'ed-comb-req' by expanding their semantics and specifying | |||
specifying what they can take as value.) | what they can take as value. | |||
The example in Figure 5 shows how a client discovers one EDHOC | The example in Figure 5 shows how a client discovers one EDHOC | |||
resource at a server, obtaining information elements from the | resource at a server and obtains information elements from the | |||
respective application profile. The Link Format notation from | respective application profile. The CoRE Link Format notation from | |||
Section 5 of [RFC6690] is used. | Section 5 of [RFC6690] is used. | |||
REQ: GET /.well-known/core | REQ: GET /.well-known/core | |||
RES: 2.05 Content | RES: 2.05 Content | |||
</sensors/temp>;osc, | </sensors/temp>;osc, | |||
</sensors/light>;if=sensor, | </sensors/light>;if=sensor, | |||
</.well-known/edhoc>;rt=core.edhoc;ed-csuite=0;ed-csuite=2; | </.well-known/edhoc>;rt=core.edhoc;ed-csuite=0;ed-csuite=2; | |||
ed-method=0;ed-cred-t=1;ed-cred-t=3;ed-idcred-t=4; | ed-method=0;ed-cred-t=0;ed-cred-t=1;ed-idcred-t=4; | |||
ed-i;ed-r;ed-comb-req | ed-i;ed-r;ed-comb-req | |||
Figure 5: The Web Link. | Figure 5: The Web Link | |||
7. Security Considerations | 7. Security Considerations | |||
The same security considerations from OSCORE [RFC8613] and EDHOC | The same security considerations from OSCORE [RFC8613] and EDHOC | |||
[RFC9528] hold for this document. In addition, the following | [RFC9528] hold for this document. In addition, the following | |||
considerations also apply. | considerations apply. | |||
Section 3.2.1 specifies that a client SHOULD NOT have multiple | Section 3.2.1 specifies that a client SHOULD NOT have multiple | |||
outstanding EDHOC + OSCORE requests pertaining to the same EDHOC | outstanding EDHOC + OSCORE requests pertaining to the same EDHOC | |||
session. Even if a client did not fulfill this requirement, it would | session. Even if a client did not fulfill this requirement, it would | |||
not have any impact in terms of security. That is, the server would | not have any impact in terms of security. That is, the server would | |||
still not process different instances of the same EDHOC message_3 | still not process different instances of the same EDHOC message_3 | |||
more than once in the same EDHOC session (see Section 5.1 of | more than once in the same EDHOC session (see Section 5.1 of | |||
[RFC9528]), and would still enforce replay protection of the OSCORE- | [RFC9528]) and would still enforce replay protection of the OSCORE- | |||
protected request (see Sections 7.4 and 8.2 of [RFC8613]). | protected request (see Sections 7.4 and 8.2 of [RFC8613]). | |||
When using the optimized workflow in Figure 2, a minimum of 128-bit | When using the optimized workflow in Figure 2, a minimum of 128-bit | |||
security against online brute force attacks is achieved after the | security against online brute-force attacks is achieved after the | |||
client receives and successfully verifies the first OSCORE-protected | client receives and successfully verifies the first OSCORE-protected | |||
response (see Sections 9.1 and 9.4 of [RFC9528]). As an example, if | response (see Sections 9.1 and 9.4 of [RFC9528]). As an example, if | |||
EDHOC is used with method 3 (see Section 3.2 of [RFC9528]) and cipher | EDHOC is used with method 3 (see Section 3.2 of [RFC9528]) and cipher | |||
suite 2 (see Section 3.6 of [RFC9528]), then the following holds. | suite 2 (see Section 3.6 of [RFC9528]), then the following holds: | |||
* The Initiator is authenticated with 128-bit security against | * The Initiator is authenticated with 128-bit security against | |||
online attacks. As per Section 9.1 of [RFC9528], this results | online attacks. As per Section 9.1 of [RFC9528], this results | |||
from the combination of the strength of the 64-bit MAC in EDHOC | from the combination of the strength of the 64-bit Message | |||
message_3 and of the 64-bit MAC in the AEAD of the first OSCORE- | Authentication Code (MAC) in EDHOC message_3 and of the 64-bit MAC | |||
protected CoAP request, as rebuilt at step 7 of Section 3.3.1. | in the Authenticated Encryption with Associated Data (AEAD) of the | |||
first OSCORE-protected CoAP request as rebuilt at Step 7 of | ||||
Section 3.3.1. | ||||
* The Responder is authenticated with 128-bit security against | * The Responder is authenticated with 128-bit security against | |||
online attacks. As per Section 9.1 of [RFC9528], this results | online attacks. As per Section 9.1 of [RFC9528], this results | |||
from the combination of the strength of the 64-bit MAC in EDHOC | from the combination of the strength of the 64-bit MAC in EDHOC | |||
message_2 and of the 64-bit MAC in the AEAD of the first OSCORE- | message_2 and of the 64-bit MAC in the AEAD of the first OSCORE- | |||
protected CoAP response. | protected CoAP response. | |||
With reference to the sequential workflow in Figure 1, the OSCORE | With reference to the sequential workflow in Figure 1, the OSCORE | |||
request might have to undergo access control checks at the server, | request might have to undergo access-control checks at the server | |||
before being actually executed for accessing the target protected | before being actually executed for accessing the target protected | |||
resource. The same MUST hold when the optimized workflow in Figure 2 | resource. The same MUST hold when the optimized workflow in Figure 2 | |||
is used, i.e., when using the EDHOC + OSCORE request. | is used, i.e., when using the EDHOC + OSCORE request. | |||
That is, the rebuilt OSCORE-protected application request from step 7 | That is, the rebuilt OSCORE-protected application request from Step 7 | |||
in Section 3.3.1 MUST undergo the same access control checks that | in Section 3.3.1 MUST undergo the same access-control checks that | |||
would be performed on a traditional OSCORE-protected application | would be performed on a traditional OSCORE-protected application | |||
request sent individually as shown in Figure 1. | request sent individually as shown in Figure 1. | |||
To this end, validated information to perform access control checks | To this end, validated information to perform access-control checks | |||
(e.g., an access token issued by a trusted party) has to be available | (e.g., an access token issued by a trusted party) has to be available | |||
at the server before starting to process the rebuilt OSCORE-protected | at the server before starting to process the rebuilt OSCORE-protected | |||
application request. Such information may have been provided to the | application request. Such information may have been provided to the | |||
server separately before starting the EDHOC execution altogether, or | server separately before starting the EDHOC execution altogether, or | |||
instead as External Authorization Data during the EDHOC execution | instead as External Authorization Data during the EDHOC execution | |||
(see Section 3.8 of [RFC9528]). | (see Section 3.8 of [RFC9528]). | |||
Thus, a successful completion of the EDHOC protocol and the following | Thus, a successful completion of the EDHOC protocol and the following | |||
derivation of the OSCORE Security Context at the server do not play a | derivation of the OSCORE Security Context at the server do not play a | |||
role in determining whether the rebuilt OSCORE-protected request is | role in determining whether the rebuilt OSCORE-protected request is | |||
authorized to access the target protected resource at the server. | authorized to access the target protected resource at the server. | |||
8. IANA Considerations | 8. IANA Considerations | |||
This document has the following actions for IANA. | This document has the following actions for IANA. | |||
Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]" | ||||
with the RFC number of this specification and delete this paragraph. | ||||
8.1. CoAP Option Numbers Registry | 8.1. CoAP Option Numbers Registry | |||
IANA is asked to enter the following option number to the "CoAP | IANA has registered the following option number in the "CoAP Option | |||
Option Numbers" registry within the "CoRE Parameters" registry group. | Numbers" registry within the "Constrained RESTful Environments (CoRE) | |||
Parameters" registry group. | ||||
+========+=======+============+ | ||||
| Number | Name | Reference | | ||||
+========+=======+============+ | ||||
| 21 | EDHOC | [RFC-XXXX] | | ||||
+--------+-------+------------+ | ||||
Table 2: Registrations in | ||||
CoAP Option Numbers | ||||
Registry | ||||
Note to RFC Editor: Please delete this paragraph and all the | ||||
following text within the present Section 8.1. | ||||
[ | ||||
The CoAP option number 21 is consistent with the properties of the | ||||
EDHOC Option defined in Section 3.1, and it allows the EDHOC Option | ||||
to always result in an overall size of 1 byte. This is because: | ||||
* The EDHOC option is always empty, i.e., with zero-length value; | ||||
and | ||||
* Since the OSCORE Option with option number 9 is always present in | ||||
the EDHOC + OSCORE request, the EDHOC Option is encoded with a | ||||
delta equal to at most 12. | ||||
Although the currently unassigned option number 13 would also work | +========+=======+===========+ | |||
well for the same reasons in the use case in question, different use | | Number | Name | Reference | | |||
cases or protocols may make a better use of the option number 13. | +========+=======+===========+ | |||
Hence the preference for the option number 21, and why it is _not_ | | 21 | EDHOC | RFC 9668 | | |||
necessary to register additional option numbers than 21. | +--------+-------+-----------+ | |||
] | Table 2: Registration in | |||
the "CoAP Option Numbers" | ||||
Registry | ||||
8.2. Target Attributes Registry | 8.2. Target Attributes Registry | |||
IANA is asked to register the following entries in the "Target | IANA has registered the following entries in the "Target Attributes" | |||
Attributes" registry [CORE.Target.Attributes] within the "Constrained | registry [CORE.Target.Attributes] within the "Constrained RESTful | |||
RESTful Environments (CoRE) Parameters" registry group, as per | Environments (CoRE) Parameters" registry group as per [RFC9423]. For | |||
[I-D.ietf-core-target-attr]. For all entries, the Change Controller | all entries, the Change Controller is "IETF" and the reference is | |||
is IETF, and the reference is [RFC-XXXX]. | "[RFC 9668]". | |||
+=================+=============================================+ | +================+=============================================+ | |||
| Attribute Name: | Brief Description: | | | Attribute Name | Brief Description | | |||
+=================+=============================================+ | +================+=============================================+ | |||
| ed-i | Hint: support for the EDHOC Initiator role | | | ed-i | Hint: support for the EDHOC Initiator role | | |||
+-----------------+---------------------------------------------+ | +----------------+---------------------------------------------+ | |||
| ed-r | Hint: support for the EDHOC Responder role | | | ed-r | Hint: support for the EDHOC Responder role | | |||
+-----------------+---------------------------------------------+ | +----------------+---------------------------------------------+ | |||
| ed-method | A supported authentication method for EDHOC | | | ed-method | A supported authentication method for EDHOC | | |||
+-----------------+---------------------------------------------+ | +----------------+---------------------------------------------+ | |||
| ed-csuite | A supported cipher suite for EDHOC | | | ed-csuite | A supported cipher suite for EDHOC | | |||
+-----------------+---------------------------------------------+ | +----------------+---------------------------------------------+ | |||
| ed-cred-t | A supported type of authentication | | | ed-cred-t | A supported type of authentication | | |||
| | credential for EDHOC | | | | credential for EDHOC | | |||
+-----------------+---------------------------------------------+ | +----------------+---------------------------------------------+ | |||
| ed-idcred-t | A supported type of authentication | | | ed-idcred-t | A supported type of authentication | | |||
| | credential identifier for EDHOC | | | | credential identifier for EDHOC | | |||
+-----------------+---------------------------------------------+ | +----------------+---------------------------------------------+ | |||
| ed-ead | A supported External Authorization Data | | | ed-ead | A supported External Authorization Data | | |||
| | (EAD) item for EDHOC | | | | (EAD) item for EDHOC | | |||
+-----------------+---------------------------------------------+ | +----------------+---------------------------------------------+ | |||
| ed-comb-req | Hint: support for the EDHOC+OSCORE request | | | ed-comb-req | Hint: support for the EDHOC + OSCORE | | |||
+-----------------+---------------------------------------------+ | | | request | | |||
+----------------+---------------------------------------------+ | ||||
Table 3: Registrations in Target Attributes Registry | Table 3: Registrations in the "Target Attributes" Registry | |||
8.3. EDHOC Authentication Credential Types Registry | 8.3. EDHOC Authentication Credential Types Registry | |||
IANA is requested to create a new "EDHOC Authentication Credential | IANA has created the "EDHOC Authentication Credential Types" registry | |||
Types" registry within the "Ephemeral Diffie-Hellman Over COSE | within the "Ephemeral Diffie-Hellman Over COSE (EDHOC)" registry | |||
(EDHOC)" registry group defined in [RFC9528]. | group defined in [RFC9528]. | |||
As registration policy, the registry uses either "Standards Action | The registration policy is either "Private Use", "Standards Action | |||
with Expert Review", or "Specification Required" per Section 4.6 of | with Expert Review", or "Specification Required" per [RFC8126]. | |||
[RFC8126]. Expert Review guidelines are provided in Section 8.4. | "Expert Review" guidelines are provided in Section 8.4. | |||
All assignments according to "Standards Action with Expert Review" | All assignments according to "Standards Action with Expert Review" | |||
are made on a "Standards Action" basis per Section 4.9 of [RFC8126], | are made on a "Standards Action" basis per Section 4.9 of [RFC8126] | |||
with Expert Review additionally required per Section 4.5 of | with "Expert Review" additionally required per Section 4.5 of | |||
[RFC8126]. The procedure for early IANA allocation of Standards | [RFC8126]. The procedure for early IANA allocation of "standards | |||
Track code points defined in [RFC7120] also applies. When such a | track code points" defined in [RFC7120] also applies. When such a | |||
procedure is used, review and approval by the designated expert are | procedure is used, IANA will ask the designated expert(s) to approve | |||
also required, in order for the WG chairs to determine that the | the early allocation before registration. In addition, working group | |||
conditions for early allocation are met (see step 2 in Section 3.1 of | chairs are encouraged to consult the expert(s) early during the | |||
[RFC7120]). | process outlined in Section 3.1 of [RFC7120]. | |||
The columns of this registry are: | The columns of this registry are: | |||
* Value: This field contains the value used to identify the type of | Value: This field contains the value used to identify the type of | |||
authentication credential. These values MUST be unique. The | authentication credential. These values MUST be unique. The | |||
value can be an unsigned integer or a negative integer, in the | value can be an unsigned integer or a negative integer. Different | |||
range from -65536 to 65535. Different ranges of values use | ranges of values use different registration policies: | |||
different registration policies [RFC8126]: | ||||
- Integer values from -24 to 23 are designated as "Standards | * Integer values from -24 to 23 are designated as "Standards | |||
Action With Expert Review". | Action With Expert Review". | |||
- Integer values from -65536 to -25 and from 24 to 65535 are | * Integer values from -65536 to -25 and from 24 to 65535 are | |||
designated as "Specification Required". | designated as "Specification Required". | |||
- Integer values smaller than -65536 and greater than 65535 are | * Integer values smaller than -65536 and greater than 65535 are | |||
marked as "Private Use". | marked as "Private Use". | |||
* Description: This field contains a short description of the type | Description: This field contains a short description of the type of | |||
of authentication credential. | authentication credential. | |||
* Reference: This field contains a pointer to the public | ||||
specification for the type of authentication credential. | ||||
Initial entries in this registry are as listed in Table 4. | Reference: This field contains a pointer to the public specification | |||
for the type of authentication credential. | ||||
+=======+============================================+===========+ | +=======+============================================+===========+ | |||
| Value | Description | Reference | | | Value | Description | Reference | | |||
+=======+============================================+===========+ | +=======+============================================+===========+ | |||
| 0 | CBOR Web Token (CWT) containing a COSE_Key | [RFC8392] | | | 0 | CBOR Web Token (CWT) containing a COSE_Key | [RFC8392] | | |||
| | in a 'cnf' claim and possibly other | | | | | in a 'cnf' claim and possibly other | | | |||
| | claims. CWT is defined in RFC 8392. | | | | | claims. CWT is defined in RFC 8392. | | | |||
+-------+--------------------------------------------+-----------+ | +-------+--------------------------------------------+-----------+ | |||
| 1 | CWT Claims Set (CCS) containing a COSE_Key | [RFC8392] | | | 1 | CWT Claims Set (CCS) containing a COSE_Key | [RFC8392] | | |||
| | in a 'cnf' claim and possibly other | | | | | in a 'cnf' claim and possibly other | | | |||
| | claims. CCS is defined in RFC 8392. | | | | | claims. CCS is defined in RFC 8392. | | | |||
+-------+--------------------------------------------+-----------+ | +-------+--------------------------------------------+-----------+ | |||
| 2 | X.509 certificate | [RFC5280] | | | 2 | X.509 certificate | [RFC5280] | | |||
+-------+--------------------------------------------+-----------+ | +-------+--------------------------------------------+-----------+ | |||
Table 4: Initial Entries in the "EDHOC Authentication | Table 4: Initial Entries in the "EDHOC Authentication | |||
Credential Types" Registry | Credential Types" Registry | |||
8.4. Expert Review Instructions | 8.4. Expert Review Instructions | |||
The IANA registry established in this document is defined as | "Standards Action with Expert Review" and "Specification Required" | |||
"Standards Action with Expert Review" or "Specification Required", | are two of the registration policies defined for the IANA registry | |||
depending on the range of values for which an assignment is | established in Section 8.3. This section gives some general | |||
requested. This section gives some general guidelines for what the | guidelines for what the experts should be looking for; however, they | |||
experts should be looking for; but they are being designated as | are being designated as experts for a reason, so they should be given | |||
experts for a reason, so they should be given substantial latitude. | substantial latitude. | |||
Expert reviewers should take into consideration the following points: | Expert reviewers should take into consideration the following points: | |||
* Clarity and correctness of registrations. Experts are expected to | * Clarity and correctness of registrations. Experts are expected to | |||
check the clarity of purpose and use of the requested entries. | check the clarity of purpose and use of the requested entries. | |||
Experts need to make sure that registered identifiers indicate a | Experts need to make sure that registered identifiers indicate a | |||
type of authentication credential whose format and encoding is | type of authentication credential whose format and encoding is | |||
clearly defined in the corresponding specification. Identifiers | clearly defined in the corresponding specification. Identifiers | |||
of types of authentication credentials that do not meet these | of types of authentication credentials that do not meet these | |||
objective of clarity and completeness must not be registered. | objectives of clarity and completeness must not be registered. | |||
* Point squatting should be discouraged. Reviewers are encouraged | * Point squatting should be discouraged. Reviewers are encouraged | |||
to get sufficient information for registration requests to ensure | to get sufficient information for registration requests to ensure | |||
that the usage is not going to duplicate one that is already | that the usage is not going to duplicate one that is already | |||
registered and that the point is likely to be used in deployments. | registered and that the point is likely to be used in deployments. | |||
The zones tagged as "Private Use" are intended for testing | The zones tagged as "Private Use" are intended for testing | |||
purposes and closed environments. Code points in other ranges | purposes and closed environments. Code points in other ranges | |||
should not be assigned for testing. | should not be assigned for testing. | |||
* Specifications are required for the "Standards Action With Expert | * Specifications are required for the "Standards Action With Expert | |||
Review" range of point assignment. Specifications should exist | Review" range of point assignment. Specifications should exist | |||
for "Specification Required" ranges, but early assignment before a | for "Specification Required" ranges, but early assignment before a | |||
specification is available is considered to be permissible. When | specification is available is considered to be permissible. When | |||
specifications are not provided, the description provided needs to | specifications are not provided, the description provided needs to | |||
have sufficient information to identify what the point is being | have sufficient information to identify what the point is being | |||
used for. | used for. | |||
* Experts should take into account the expected usage of fields when | * Experts should take into account the expected usage of fields when | |||
approving point assignment. The fact that there is a range for | approving point assignment. Documents published via Standards | |||
Standards Track documents does not mean that a Standards Track | Action can also register points outside the Standards Action | |||
document cannot have points assigned outside of that range. The | range. The length of the encoded value should be weighed against | |||
length of the encoded value should be weighed against how many | how many code points of that length are left, the size of device | |||
code points of that length are left, the size of device it will be | it will be used on, and the number of code points left that encode | |||
used on, and the number of code points left that encode to that | to that size. | |||
size. | ||||
9. References | 9. References | |||
9.1. Normative References | 9.1. Normative References | |||
[CORE.Target.Attributes] | [CORE.Target.Attributes] | |||
IANA, "Target Attributes", | IANA, "Target Attributes", | |||
<https://www.iana.org/assignments/core-parameters/core- | <https://www.iana.org/assignments/core-parameters>. | |||
parameters.xhtml#target-attributes>. | ||||
[COSE.Header.Parameters] | [COSE.Header.Parameters] | |||
IANA, "COSE Header Parameters", | IANA, "COSE Header Parameters", | |||
<https://www.iana.org/assignments/cose/cose.xhtml#header- | <https://www.iana.org/assignments/cose>. | |||
parameters>. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/rfc/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | |||
<https://www.rfc-editor.org/rfc/rfc5280>. | <https://www.rfc-editor.org/info/rfc5280>. | |||
[RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link | [RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link | |||
Format", RFC 6690, DOI 10.17487/RFC6690, August 2012, | Format", RFC 6690, DOI 10.17487/RFC6690, August 2012, | |||
<https://www.rfc-editor.org/rfc/rfc6690>. | <https://www.rfc-editor.org/info/rfc6690>. | |||
[RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code | [RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code | |||
Points", BCP 100, RFC 7120, DOI 10.17487/RFC7120, January | Points", BCP 100, RFC 7120, DOI 10.17487/RFC7120, January | |||
2014, <https://www.rfc-editor.org/rfc/rfc7120>. | 2014, <https://www.rfc-editor.org/info/rfc7120>. | |||
[RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained | [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained | |||
Application Protocol (CoAP)", RFC 7252, | Application Protocol (CoAP)", RFC 7252, | |||
DOI 10.17487/RFC7252, June 2014, | DOI 10.17487/RFC7252, June 2014, | |||
<https://www.rfc-editor.org/rfc/rfc7252>. | <https://www.rfc-editor.org/info/rfc7252>. | |||
[RFC7959] Bormann, C. and Z. Shelby, Ed., "Block-Wise Transfers in | [RFC7959] Bormann, C. and Z. Shelby, Ed., "Block-Wise Transfers in | |||
the Constrained Application Protocol (CoAP)", RFC 7959, | the Constrained Application Protocol (CoAP)", RFC 7959, | |||
DOI 10.17487/RFC7959, August 2016, | DOI 10.17487/RFC7959, August 2016, | |||
<https://www.rfc-editor.org/rfc/rfc7959>. | <https://www.rfc-editor.org/info/rfc7959>. | |||
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
<https://www.rfc-editor.org/rfc/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
[RFC8288] Nottingham, M., "Web Linking", RFC 8288, | [RFC8288] Nottingham, M., "Web Linking", RFC 8288, | |||
DOI 10.17487/RFC8288, October 2017, | DOI 10.17487/RFC8288, October 2017, | |||
<https://www.rfc-editor.org/rfc/rfc8288>. | <https://www.rfc-editor.org/info/rfc8288>. | |||
[RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, | [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, | |||
"CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, | "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, | |||
May 2018, <https://www.rfc-editor.org/rfc/rfc8392>. | May 2018, <https://www.rfc-editor.org/info/rfc8392>. | |||
[RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | [RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | |||
"Object Security for Constrained RESTful Environments | "Object Security for Constrained RESTful Environments | |||
(OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, | (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, | |||
<https://www.rfc-editor.org/rfc/rfc8613>. | <https://www.rfc-editor.org/info/rfc8613>. | |||
[RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | |||
Representation (CBOR)", STD 94, RFC 8949, | Representation (CBOR)", STD 94, RFC 8949, | |||
DOI 10.17487/RFC8949, December 2020, | DOI 10.17487/RFC8949, December 2020, | |||
<https://www.rfc-editor.org/rfc/rfc8949>. | <https://www.rfc-editor.org/info/rfc8949>. | |||
[RFC9176] Amsüss, C., Ed., Shelby, Z., Koster, M., Bormann, C., and | [RFC9176] Amsüss, C., Ed., Shelby, Z., Koster, M., Bormann, C., and | |||
P. van der Stok, "Constrained RESTful Environments (CoRE) | P. van der Stok, "Constrained RESTful Environments (CoRE) | |||
Resource Directory", RFC 9176, DOI 10.17487/RFC9176, April | Resource Directory", RFC 9176, DOI 10.17487/RFC9176, April | |||
2022, <https://www.rfc-editor.org/rfc/rfc9176>. | 2022, <https://www.rfc-editor.org/info/rfc9176>. | |||
[RFC9528] Selander, G., Preuß Mattsson, J., and F. Palombini, | [RFC9528] Selander, G., Preuß Mattsson, J., and F. Palombini, | |||
"Ephemeral Diffie-Hellman Over COSE (EDHOC)", RFC 9528, | "Ephemeral Diffie-Hellman Over COSE (EDHOC)", RFC 9528, | |||
DOI 10.17487/RFC9528, March 2024, | DOI 10.17487/RFC9528, March 2024, | |||
<https://www.rfc-editor.org/rfc/rfc9528>. | <https://www.rfc-editor.org/info/rfc9528>. | |||
9.2. Informative References | 9.2. Informative References | |||
[I-D.ietf-core-target-attr] | [RFC9423] Bormann, C., "Constrained RESTful Environments (CoRE) | |||
Bormann, C., "CoRE Target Attributes Registry", Work in | Target Attributes Registry", RFC 9423, | |||
Progress, Internet-Draft, draft-ietf-core-target-attr-06, | DOI 10.17487/RFC9423, April 2024, | |||
11 October 2023, <https://datatracker.ietf.org/doc/html/ | <https://www.rfc-editor.org/info/rfc9423>. | |||
draft-ietf-core-target-attr-06>. | ||||
Appendix A. Document Updates | ||||
This section is to be removed before publishing as an RFC. | ||||
A.1. Version -10 to -11 | ||||
* Avoid using quotation marks for CBOR Simple Values. | ||||
* Early mentioning of the optimization properties. | ||||
* Less entries of new IANA registry; made their references | ||||
normative. | ||||
* Clarified meaning of "Standards Action with Expert Review" policy. | ||||
* Clarifications, simplified phrasing, and editorial improvements. | ||||
* Updated references. | ||||
A.2. Version -09 to -10 | ||||
* Expanded acronyms in the document title. | ||||
* Clarified transport of EDHOC C_R and EDHOC message_3. | ||||
* Simplified text on the use of EDHOC Connection Identifiers as | ||||
OSCORE Identifiers. | ||||
* Added the CoAP OSCORE Option in the figures of the EDHOC message | ||||
flows. | ||||
* Added more pointers to the message processing, now defined in | ||||
dedicated subsections. | ||||
* Detecting and preventing a loss of performance advantage when | ||||
using Block-wise transfers is for application policies to | ||||
specifiy. | ||||
* Clarified use of EDHOC application profiles. | ||||
* Clarified security considerations on the achieved security level. | ||||
* Fixes and editorial improvements. | ||||
A.3. Version -08 to -09 | ||||
* Clarified meaning of "EDHOC data". | ||||
* Improved description of entries for the new IANA registry. | ||||
* Change Controller changed from "IESG" to "IETF". | ||||
* Editorial: EDHOC Option number denoted as "21" instead of "TBD21". | ||||
* Fixed references to sections of draft-ietf-lake-edhoc | ||||
* Clarifications and editorial improvements. | ||||
A.4. Version -07 to -08 | ||||
* Fixes and clarifications from the Shepherd's review. | ||||
A.5. Version -06 to -07 | ||||
* Changed document title. | ||||
* The client creates the OSCORE Security Context after creating | ||||
EDHOC message_3. | ||||
* Revised selection of EDHOC connection identifiers. | ||||
* Use of "forward message flow" and "reverse message flow". | ||||
* The payload of the combined request is not a CBOR sequence | ||||
anymore. | ||||
* EDHOC error messages from the server are not protected with | ||||
OSCORE. | ||||
* More future-proof error handling on the server side. | ||||
* Target attribute names prefixed by "ed-". | ||||
* Defined new target attributes "ed-i" and "ed-r". | ||||
* Defined single target attribute "ed-ead" signaling supported EAD | ||||
items. | ||||
* Security consideration on the minimally achieved 128-bit security. | ||||
* Defined and used the "EDHOC Authentication Credential Types" | ||||
Registry. | ||||
* High-level sentence replacing the appendix on Block-wise | ||||
performance. | ||||
* Revised examples. | ||||
* Editorial improvements. | ||||
A.6. Version -05 to -06 | ||||
* Extended figure on EDHOC sequential workflow. | ||||
* Revised naming of target attributes. | ||||
* Clarified semantics of target attributes 'eadx'. | ||||
* Registration of target attributes. | ||||
A.7. Version -04 to -05 | ||||
* Clarifications on Web Linking parameters. | ||||
* Added security considerations. | ||||
* Revised IANA considerations to focus on the CoAP option number 21. | ||||
* Guidelines on using Block-wise moved to an appendix. | ||||
* Editorial improvements. | ||||
A.8. Version -03 to -04 | ||||
* Renamed "applicability statement" to "application profile". | ||||
* Use the latest Content-Formats. | ||||
* Use of SHOULD NOT for multiple simultaneous outstanding | ||||
interactions. | ||||
* No more special conversion from OSCORE ID to EDHOC ID. | ||||
* Considerations on using Block-wise. | ||||
* Wed Linking signaling of multiple supported EAD labels. | ||||
* Added security considerations. | ||||
* Editorial improvements. | ||||
A.9. Version -02 to -03 | ||||
* Clarifications on transporting EDHOC message_3 in the CoAP | ||||
payload. | ||||
* At most one simultaneous outstanding interaction as an EDHOC + | ||||
OSCORE request with the same server for the same session with | ||||
connection identifier C_R. | ||||
* The EDHOC option is removed from the EDHOC + OSCORE request after | ||||
processing the EDHOC data. | ||||
* Added explicit constraints when selecting a Recipient ID as C_X. | ||||
* Added processing steps for when Block-wise is used. | ||||
* Improved error handling on the server. | ||||
* Improved section on Web Linking. | ||||
* Updated figures; editorial improvements. | ||||
A.10. Version -01 to -02 | ||||
* New title, abstract and introduction. | ||||
* Restructured table of content. | ||||
* Alignment with latest format of EDHOC messages. | ||||
* Guideline on ID conversions based on application profile. | ||||
* Clarifications, extension and consistency on application profile. | ||||
* Section on web-linking. | ||||
* RFC8126 terminology in IANA considerations. | ||||
* Revised Appendix "Checking CBOR Encoding of Numeric Values". | ||||
A.11. Version -00 to -01 | ||||
* Improved background overview of EDHOC. | ||||
* Added explicit rules for converting OSCORE Sender/Recipient IDs to | ||||
EDHOC connection identifiers following the removal of | ||||
bstr_identifier from EDHOC. | ||||
* Revised section organization. | ||||
* Recommended number for EDHOC option changed to 21. | ||||
* Editorial improvements. | ||||
Acknowledgments | Acknowledgments | |||
The authors sincerely thank Christian Amsüss, Emmanuel Baccelli, | The authors sincerely thank Christian Amsüss, Emmanuel Baccelli, | |||
Carsten Bormann, Roman Danyliw, Esko Dijk, Joel Halpern, Wes | Carsten Bormann, Roman Danyliw, Esko Dijk, Joel Halpern, Wes | |||
Hardaker, Klaus Hartke, John Preuß Mattsson, David Navarro, Shuping | Hardaker, Klaus Hartke, John Preuß Mattsson, David Navarro, Shuping | |||
Peng, Jim Schaad, Jürgen Schönwälder, John Scudder, Orie Steele, | Peng, Jim Schaad, Jürgen Schönwälder, John Scudder, Orie Steele, | |||
Gunter Van de Velde, Mališa Vučinić, and Paul Wouters for their | Gunter Van de Velde, Mališa Vučinić, and Paul Wouters for their | |||
feedback and comments. | feedback and comments. | |||
The work on this document has been partly supported by VINNOVA and | The work on this document has been partly supported by the Sweden's | |||
the Celtic-Next project CRITISEC; and by the H2020 project SIFIS-Home | Innovation Agency VINNOVA and the Celtic-Next project CRITISEC, and | |||
(Grant agreement 952652). | by the H2020 project SIFIS-Home (Grant agreement 952652). | |||
Authors' Addresses | Authors' Addresses | |||
Francesca Palombini | Francesca Palombini | |||
Ericsson | Ericsson AB | |||
Torshamnsgatan 23 | ||||
SE-164 40 Kista | ||||
Sweden | ||||
Email: francesca.palombini@ericsson.com | Email: francesca.palombini@ericsson.com | |||
Marco Tiloca | Marco Tiloca | |||
RISE AB | RISE AB | |||
Isafjordsgatan 22 | Isafjordsgatan 22 | |||
SE-16440 Stockholm Kista | SE-164 40 Kista | |||
Sweden | Sweden | |||
Email: marco.tiloca@ri.se | Email: marco.tiloca@ri.se | |||
Rikard Höglund | Rikard Höglund | |||
RISE AB | RISE AB | |||
Isafjordsgatan 22 | Isafjordsgatan 22 | |||
SE-16440 Stockholm Kista | SE-164 40 Kista | |||
Sweden | Sweden | |||
Email: rikard.hoglund@ri.se | Email: rikard.hoglund@ri.se | |||
Stefan Hristozov | Stefan Hristozov | |||
Fraunhofer AISEC | Eriptic | |||
Email: stefan.hristozov@eriptic.com | Email: stefan.hristozov@eriptic.com | |||
Göran Selander | Göran Selander | |||
Ericsson | Ericsson | |||
Email: goran.selander@ericsson.com | Email: goran.selander@ericsson.com | |||
End of changes. 182 change blocks. | ||||
740 lines changed or deleted | 511 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |