| Internet-Draft | EDHOC Application Profiles | March 2024 |
| Tiloca & Höglund | Expires 5 September 2024 | [Page] |
The lightweight authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) requires certain parameters to be agreed out-of-band, in order to ensure its successful completion. To this end, application profiles specify the intended use of EDHOC to allow for the relevant processing and verifications to be made. This document defines a number of means to coordinate the use and discovery of EDHOC application profiles. Also, it defines a canonical, CBOR-based representation that can be used to describe, distribute, and store EDHOC application profiles. Finally, it defines a well-known EDHOC application profile.¶
This note is to be removed before publishing as an RFC.¶
Discussion of this document takes place on the Lightweight Authenticated Key Exchange Working Group mailing list (lake@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/lake/.¶
Source for this draft and an issue tracker can be found at https://gitlab.com/crimson84/draft-tiloca-lake-app-profiles.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 5 September 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Ephemeral Diffie-Hellman Over COSE (EDHOC) [I-D.ietf-lake-edhoc] is a lightweight authenticated key exchange protocol, especially intended for use in constrained scenarios.¶
In order to successfully run EDHOC, the two peers acting as Initiator and Responder have to agree on certain parameters. Some of those are in-band and communicated through the protocol execution, during which a few of them may even be negotiated. However, other parameters have to be known out-of-band, before running the EDHOC protocol.¶
As discussed in Section 3.9 of [I-D.ietf-lake-edhoc], applications can use EDHOC application profiles, which specify the intended usage of EDHOC to allow for the relevant processing and verifications to be made. In particular, an EDHOC application profile may include both in-band and out-of-band parameters.¶
This document defines a number of means to coordinate the use and discovery of EDHOC application profiles, that is:¶
Furthermore, this document defines a canonical, CBOR-based representation that can be used to describe, distribute, and store EDHOC application profiles (see Section 4), as well as a well-known EDHOC application profile (see Section 5).¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The reader is expected to be familiar with terms and concepts defined in EDHOC [I-D.ietf-lake-edhoc], and with the use of EDHOC with CoAP [RFC7252] and OSCORE [RFC8613] defined in [I-D.ietf-core-oscore-edhoc].¶
Concise Binary Object Representation (CBOR) [RFC8949] and Concise Data Definition Language (CDDL) [RFC8610] are used in this document. CDDL predefined type names, especially bstr for CBOR byte strings and tstr for CBOR text strings, are used extensively in this document.¶
Section 6 of [I-D.ietf-core-oscore-edhoc] defines a number of target attributes that can be used in a web link [RFC8288] with resource type "core.edhoc" (see Section 10.10 of [I-D.ietf-lake-edhoc]). This is the case, e.g., when using a link-format document [RFC6690] describing EDHOC resources at a server, when EDHOC is transferred over CoAP [RFC7252] as defined in Appendix A.2 of [I-D.ietf-lake-edhoc]. This allows a client to obtain relevant pieces of information from the EDHOC application profile(s) to be used with a certain EDHOC resource.¶
In the same spirit, this section defines the following additional parameter, which can be optionally specified as a target attribute with the same name in the link to the respective EDHOC resource, or among the filter criteria in a discovery request from a client.¶
When specifying the parameter 'ed-prof' in a link to an EDHOC resource, the target attribute rt="core.edhoc" MUST be included.¶
If a link to an EDHOC resource includes occurrences of the target attribute 'ed-prof', the link MUST NOT include other target attributes that provide information pertaining to an EDHOC application profile (see, e.g., Section 6 of [I-D.ietf-core-oscore-edhoc]), which, if present, MUST be ignored by the recipient.¶
The example in Figure 1 shows how a CoAP client discovers two EDHOC resources at a CoAP server, obtaining information elements from the respective application profile. The Link Format notation from Section 5 of [RFC6690] is used.¶
The example assumes the existence of an EDHOC application profile identified by the integer Profile ID 500, which is supported by the EDHOC resource at /edhoc-alt.¶
REQ: GET /.well-known/core
RES: 2.05 Content
</sensors/temp>;osc,
</sensors/light>;if=sensor,
</.well-known/edhoc>;rt=core.edhoc;ed-csuite=0;ed-csuite=2;
ed-method=0;ed-cred-t=1;ed-cred-t=3;ed-idcred-t=4;
ed-i;ed-r;ed-comb-req,
</edhoc-alt>;rt=core.edhoc;ed-prof=500
Section 3.4 of [I-D.ietf-ace-edhoc-oscore-profile] defines the EDHOC_Information object, as including information that guides two peers towards executing the EDHOC protocol, and defines an initial set of its parameters.¶
This document defines the new parameter "app_prof" of the EDHOC_Information object, as summarized in Figure 2 and described further below.¶
+----------+-------+-------+-------------+-----------------+ | Name | CBOR | CBOR | Registry | Description | | | label | type | | | +----------+-------+-------+-------------+-----------------+ | app_prof | 14 | int / | EDHOC | Set of | | | | array | Application | supported EDHOC | | | | | Profiles | Application | | | | | Registry | Profiles | +----------+-------+-------+-------------+-----------------+
Section 3.2 of [I-D.ietf-ace-edhoc-oscore-profile] defines how the EDHOC_Information object can be used within the workflow of the EDHOC and OSCORE transport profile of the ACE framework for authentication and authorization in constrained environments (ACE) [RFC9200].¶
In particular, the AS-to-C Access Token Response can include the parameter "edhoc_info", with value an EDHOC_Information object. This allows the ACE Authorization Server (AS) to provide the ACE Client (C) with information about how to run the EDHOC protocol with the ACE Resource Server (RS) for which the Access Token is issued.¶
In such a case, the EDHOC_Information object above can include the parameter "app_prof" defined in this document. This parameter indicates a set of EDHOC application profiles associated with the EDHOC resource to use at the RS, which is either implied or specified by the parameter "uri_path" within the same EDHOC_Information object.¶
If the EDHOC_Information object specified as value of "edhoc_info" includes the "app_prof" parameter, the object MUST NOT include other parameters that provide information pertaining to an EDHOC application profile. Such parameters MUST be ignored by C, if present in an EDHOC_Information object that also includes the "app_prof" parameter.¶
At the time of writing this document, such parameters are: "methods", "cipher_suites", "message_4", "comb_req", "osc_ms_len", "osc_salt_len", "osc_version", "cred_types", "id_cred_types", "eads", "initiator", and "responder". These are all defined in Section 3.4 of [I-D.ietf-ace-edhoc-oscore-profile].¶
This section defines the EDHOC_Application_Profile object, which can be used as a canonical representation of EDHOC application profiles for their description, distribution, and storage.¶
An EDHOC_Application_Profile object is encoded as a CBOR map [RFC8949]. Each element of the CBOR map is an element of the CBOR-encoded EDHOC_Information object defined in Section 3.3 of [I-D.ietf-ace-edhoc-oscore-profile], and thus uses the corresponding CBOR abbreviations from the 'CBOR label' column of the "EDHOC Information" registry defined in [I-D.ietf-ace-edhoc-oscore-profile].¶
The CBOR map encoding the EDHOC application profile MUST include the element "app_prof" defined in this document. Its value is the unique identifier of the EDHOC application profile in question, taken from the 'Profile ID' column of the "EDHOC Application Profiles" registry defined in this document, and encoded as a CBOR integer.¶
The following elements defined for the EDHOC_Information object MUST also be present: "methods" and "cred_types".¶
The following elements defined for the EDHOC_Information object MUST NOT be present: "session_id", "uri_path", "initiator", and "responder".¶
The CBOR map MAY include other elements defined for the EDHOC_Information object. Consistently with Sections 8 and A.1 of [I-D.ietf-lake-edhoc] and with Section 5.4 of [RFC8613]:¶
If an element is present in the CBOR map and the information that it specifies is intrinsically a set of one or more co-existing alternatives, then all the specified alternatives apply for the EDHOC application profile in question.¶
For example, the element "cipher_suites" with value the CBOR array [0, 2] means that, in order to adhere to the EDHOC application profile in question, an EDHOC peer has to implement both the EDHOC cipher suites 0 and 2, because either of them can be used by another EDHOC peer also adhering to the same EDHOC application profile.¶
The CDDL grammar describing the EDHOC_Application_Profile object is:¶
EDHOC_Application_Profile = {
1 => int / array, ; methods
9 => int / array, ; cred_types
14 => int, ; app_prof
* int / tstr => any
}
¶
[ NOTE:¶
Based on Sections 3.9 and F of [I-D.ietf-lake-edhoc], further parameters can be defined for the EDHOC_Information object specified in Section 3.4 of [I-D.ietf-ace-edhoc-oscore-profile], and then used for the EDHOC_Application_Profile object defined in this document. For example:¶
The transport(s) to use for EDHOC. How to indicate that? It is actually about multiple pieces of information, often transport-dependent.¶
For example, if CoAP is indicated, it should be said over what CoAP is in turn transported, if any of the EDHOC-related CoAP Content-Format has to be indicated, etc. See, for instance, point 1 in Sections 3.9 and F of [I-D.ietf-lake-edhoc].¶
This might require another registry about "transport suites" to be used with EDHOC, each of which registered with a unique identifier, specifying the transport protocol together with additional (transport-dependent) pieces of information.¶
At the same time, Section 3.9 of [I-D.ietf-lake-edhoc] says:¶
"Note that it is not necessary for the endpoints to specify a single transport for the EDHOC messages. For example, a mix of CoAP and HTTP may be used along the path, and this may still allow correlation between messages."¶
In order to take this into account, an application profile can specify two sets of supported transports, i.e., with a parameter "tp_i" pertaining to an Initiator that uses this profile and a parameter "tp_r" pertaining to a Responder that uses this profile. The two sets can independently specify the expected support for multiple transports, each together with related transport-dependent information.¶
In order to handle the case where both "tp_i" and "tp_r" are equal, a single parameter "tp" can be used instead. In that case, an Initiator and a Responder using this profile are expected to use any of the transports from the set specified by the parameter "tp".¶
]¶
TBD¶
[ NOTE:¶
This well-known EDHOC application profile is not intended to be a "default" profile to use, in case no other indication is provided to the EDHOC peers.¶
With particular reference to using EDHOC with CoAP, it must not be silently assumed that, unless otherwise indicated, the EDHOC resource at /.well-known/edhoc is used according to such a well-known profile.¶
If this well-known EDHOC application profile was treated as a "default" profile, it might be suggesting what is generally mandatory to implement, which is instead limited to what is already defined by the compliance requirements in Section 8 of [I-D.ietf-lake-edhoc] (i.e., simply support for "kid" as type of credential identifier, as well as for cipher suites 2 and 3).¶
That is, this well-known EDHOC application profile is not intended to practically replace the compliance requirements from Section 8 of [I-D.ietf-lake-edhoc], which defines what is a de-facto, unnamed default EDHOC application profile.¶
Instead, this well-known EDHOC application profile should reflect what is the most common and expected way to use EDHOC.¶
]¶
This document has the following actions for IANA.¶
Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]" with the RFC number of this specification and delete this paragraph.¶
IANA is asked to register the media type "application/edhoc-app-profile+cbor-seq". This registration follows the procedures specified in [RFC6838].¶
Type name: application¶
Subtype name: edhoc-app-profile+cbor-seq¶
Required parameters: N/A¶
Optional parameters: N/A¶
Encoding considerations: Must be encoded as a CBOR sequence [RFC8742] of CBOR maps. Each element of each CBOR map is also defined as an element of the CBOR-encoded EDHOC_Information object from Section 3.3 of [I-D.ietf-ace-edhoc-oscore-profile].¶
Security considerations: See Section 6 of [RFC-XXXX].¶
Interoperability considerations: N/A¶
Published specification: [RFC-XXXX]¶
Applications that use this media type: Applications that need to describe, distribute, and store a representation of an EDHOC application profile (see Section 3.9 of [I-D.ietf-lake-edhoc]).¶
Fragment identifier considerations: N/A¶
Additional information: N/A¶
Person & email address to contact for further information: LAKE WG mailing list (lake@ietf.org) or IETF Applications and Real-Time Area (art@ietf.org)¶
Intended usage: COMMON¶
Restrictions on usage: None¶
Author/Change controller: IETF¶
Provisional registration: No¶
IANA is asked to add the following entry to the "CoAP Content-Formats" registry within the "Constrained RESTful Environments (CoRE) Parameters" registry group.¶
Content Type: application/edhoc-app-profile+cbor-seq¶
Content Coding: -¶
ID: TBD¶
Reference: [RFC-XXXX]¶
IANA is requested to create a new "EDHOC Application Profiles" registry within the "Ephemeral Diffie-Hellman Over COSE (EDHOC)" registry group defined in [I-D.ietf-lake-edhoc].¶
The registry uses the "Expert Review" registration procedure [RFC8126]. Expert Review guidelines are provided in Section 7.6. Values in this registry are covered by different registration policies as indicated. It should be noted that, in addition to the expert review, some portions of the registry require a specification, potentially a Standards Track RFC, to be supplied as well.¶
The columns of this registry are:¶
Profile ID: This field contains the value used to identify the EDHOC application profile. These values MUST be unique. The value can be an unsigned integer or a negative integer. Different ranges of values use different registration policies [RFC8126]:¶
IANA is asked to register the following entry in the "Target Attributes" registry within the "Constrained RESTful Environments (CoRE) Parameters", as per [I-D.ietf-core-target-attr].¶
IANA is asked to register the following entry in the "EDHOC Information" registry defined in [I-D.ietf-ace-edhoc-oscore-profile].¶
The IANA registry established in this document is defined as "Expert Review". This section gives some general guidelines for what the experts should be looking for; but they are being designated as experts for a reason, so they should be given substantial latitude.¶
Expert reviewers should take into consideration the following points:¶
The authors sincerely thank Christian Amsüss, Göran Selander, and Brian Sipos for their feedback and comments.¶