Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current Restore this Version View Version History

« Previous Version 2 Next »

  • Discuss PSK authentication method and resumption method (lightweight)

    • Similar to what was done with PSK/resumption mechanism in TLS 1.3.

    • External and internal PSK

  • The method should still provide ephemeral key exchange, identity protection and mitigate tracking and fingerprinting.

  • Benefits:

    • 1 asymmetric operation compared to three in current methods.

    • eliminates external things like fetching credentials from a database, revocation and path validation.

https://docs.google.com/drawings/d/1fXr9CyR41A2-I5DCxHIdJvA1TpwNZqi8fxG5QWnTX4I/edit?usp=sharing

  • Key scheduling

    • Add ID_PSK in message 1. Remove ID_CRED_R and ID_CRED_I in m2 and m3, respectively.

    • Add PSK to salt to derive PRK_2e (salt = [TH_2, PSK]).

    • PRK_3e2m, PRK_4e3m and PRK_2e should be different. (MAC orcale Jacomme)

    • Derive resumption PSK = EDHOC_KDF(PRK_out, 11, h'', h_len

https://docs.google.com/drawings/d/1CaSlUGdeJrfUj6GSp2Y6hRs69G60rnr_NOpW0ILP4x4/edit?usp=sharing

Discussion

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.