Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current Restore this Version View Page History

« Previous Version 2 Next »

  • Discuss PSK authentication method and resumption method (lightweight)

    • Similar to what was done with PSK/resumption mechanism in TLS 1.3.

    • External and internal PSK

  • The method should still provide ephemeral key exchange, identity protection and mitigate tracking and fingerprinting.

  • Benefits:

    • 1 asymmetric operation compared to three in current methods.

    • eliminates external things like fetching credentials from a database, revocation and path validation.

https://docs.google.com/drawings/d/1fXr9CyR41A2-I5DCxHIdJvA1TpwNZqi8fxG5QWnTX4I/edit?usp=sharing

  • Key scheduling

    • Add ID_PSK in message 1. Remove ID_CRED_R and ID_CRED_I in m2 and m3, respectively.

    • Add PSK to salt to derive PRK_2e (salt = [TH_2, PSK]).

    • PRK_3e2m, PRK_4e3m and PRK_2e should be different. (MAC orcale Jacomme)

    • Derive resumption PSK = EDHOC_KDF(PRK_out, 11, h'', h_len

https://docs.google.com/drawings/d/1CaSlUGdeJrfUj6GSp2Y6hRs69G60rnr_NOpW0ILP4x4/edit?usp=sharing

Discussion