Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  • Discuss PSK authentication method and resumption method (lightweight)

    • Similar to what was done with PSK/resumption mechanism in TLS 1.3.

    • External and internal PSK

  • The method should still provide ephemeral key exchange, identity protection and mitigate tracking and fingerprinting.

  • Benefits:

    • 1 asymmetric operation compared to three in current methods.

    • eliminates external things like fetching credentials from a database, revocation and path validation.

https://docs.google.com/drawings/d/1fXr9CyR41A2-I5DCxHIdJvA1TpwNZqi8fxG5QWnTX4I/edit?usp=sharing

  • Key scheduling

    • Add ID_PSK in message 1. Remove ID_CRED_R and ID_CRED_I in m2 and m3, respectively.

    • Add PSK to salt to derive PRK_2e (salt = [TH_2, PSK]).

    • PRK_3e2m, PRK_4e3m and PRK_2e should be different. (MAC orcale Jacomme)

    • Derive resumption PSK = EDHOC_KDF(PRK_out, 11, h'', h_len

https://docs.google.com/drawings/d/1CaSlUGdeJrfUj6GSp2Y6hRs69G60rnr_NOpW0ILP4x4/edit?usp=sharing

Discussion