EDHOC Object definition. #828

Open
wants to merge 8 commits into
base: prod

@dnav dnav commented May 27, 2025

Note:

In making a submission to the Open Mobile Alliance Registry, you understand and agree that your submission is made under the BSD-3 Clause License as set forth on the Open Mobile Alliance Registry and that additional formats of your submission may be created by the Open Mobile Alliance tools and processes, which may convert the content of your submission, and that the Open Mobile Alliance bears no liability for the additional formats of your submission nor for any conversion of the content of your submission.

Signed-off-by: David Navarro <[email protected]>

@mkgillmore mkgillmore left a comment

Needs proper license for OMA

Signed-off-by: David Navarro <[email protected]>

@jpradocueva jpradocueva left a comment

Update to email address.

Update email address
@PiotrRoszkowski

Hi David,

First off, thanks for putting together the EDHOC object definition. It’s a solid proposal and, in my opinion, definitely something that should be added to LwM2M. As I was going through it, a few questions and potential improvements came to my mind. I’ve listed them below, hope you find them useful. Happy to discuss further if anything’s unclear :)

  1. Is this object also intended to establish the OSCORE Security Context for connections with the LwM2M Bootstrap Server? If so, we should clarify that only one instance of this object may correspond to the Bootstrap Server. This constraint should be explicitly stated.
  2. There are two scenarios according to Resource 9. When it is set to True, the purpose of the EDHOC object is strictly to establish an OSCORE Security Context. If that's the case, shouldn’t we clarify how this EDHOC object instance links to a specific OSCORE object instance? Especially considering that the OSCORE instance is tied to a specific LwM2M Security object instance? How do we define this relationship? The second option is with Resource 9 set to False. Then the EDHOC object instance is not meant for OSCORE. What then? What are the intended use cases? Should we specify them somehow? Or maybe we can just disallow such a scenario for now and consider adding support for it in a future version of the object, if needed?
  3. I believe this object should only be modified by the LwM2M Bootstrap Server or via Bootstrap from Smartcard. This restriction should be explicitly stated, just as it is for the LwM2M Security Object and the LwM2M OSCORE Object.
  4. Moreover, it seems that there are at least a few places in the Core and Transport specifications that should be updated to reflect the introduction of this object. A few examples come to my mind:
  • Core spec, Section 6.1.7.6 Bootstrap-Delete Operation currently states:

    The two exceptions are the LwM2M Bootstrap-Server Account, potentially including an associated Instance of an OSCORE Object (ID:21), and the single Instance of the mandatory Device Object (ID:3), which are not affected by any Delete operation.

    Shouldn't this list also include an associated EDHOC Object Instance? Other similar sections are in the Core spec: 6.1.7.3 — Bootstrap-Discover Operation, 6.1.7.7 — Bootstrap-Pack-Request Operation, 6.2.1 — Register Operation

  • Transport spec, Section 5. Security currently states:

    The LwM2M specification also supports application layer security based on OSCORE with pre-shared secrets.

    If I understand correctly, with the introduction of EDHOC, we can remove the "pre-shared secrets" part of the sentence?

  • Finally, Transport spec, Section 5. Security - shouldn't this section explicitly mention EDHOC or even include a dedicated subsection about it?

Looking forward to your thoughts!

<RangeEnumeration></RangeEnumeration>
<Units></Units>
<Description><![CDATA[Stores the LwM2M Client's private key.
If this Resource is null or not instantiated, the LwM2M Client is to use OOB credentials (e.g. by using EST), and the Client Public Key Resource must be null or not instantiated.]]></Description>
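
Review bot: the Description of the private key Resource does not say how the key is encoded or how long it may be, and `<RangeEnumeration>` is left empty, so two implementations could store incompatible values; state the expected key format and size limits here. The last sentence also places a requirement on a different Resource ("the Client Public Key Resource must be null or not instantiated"), which should be repeated in that Resource's own Description so it is not missed, and the abbreviations "OOB" and "EST" should be expanded or referenced on first use.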

Saying that the "resource is null" is vague: What does the private key need to contain? Does it mean that an internal pointer in the implementation points to NULL? Or does it mean it contains a single, null byte?

<Resources>
<Item ID="0">
<Name>Peer Public Key Identifier</Name>
<Operations></Operations>
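
Review bot: `<Operations>` is empty on Item ID="0" ("Peer Public Key Identifier") and nothing in these lines says why. If the intent is that the Resource is reachable only through the Bootstrap interface, state that in the object or Resource description so the empty element is not read as an omission.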
@eliasweingaertner eliasweingaertner Jun 17, 2025

Can you explain why none of these resources carry an operation? Without an operation, the information is essentially hidden on the device; it can't be retrieved, written or executed using standard writes, reads or executes.

Maybe I don't understand the purpose of the object fully, but what is the reason to specify an object if none of the information is accessible?

I believe it results from the restriction that this object should be accessed only by the LwM2M Bootstrap Server. The same lack of Operations approach is used for LwM2M Security, LwM2M OSCORE and LwM2M COSE objects :)

@eliasweingaertner eliasweingaertner Jun 17, 2025

> I believe it results from the restriction that this object should be accessed only by the LwM2M Bootstrap Server. The same lack of Operations approach is used for LwM2M Security, LwM2M OSCORE and LwM2M COSE objects :)

That was my assumption also, hence I asked for clarification. But for example Public Keys technically could be readable...

@mkgillmore

@dnav Please have a look at the comments submitted. I would like to resolve this on 6/24 if possible.

7 participants