@leyrer That is my understanding as well. (With #EDHOC it's the other way around: Both parties being authenticated is the common case, and we call accepting any credential that is sent by value just "unilaterally authenticated" in the Onion CoAP draft).
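Daily IETF (2025-10-25) - Qiita

Good morning! I'm a nameless engineer at GMO Connect. Nice to meet you! I-Ds were posted on the 25th as well! Looking at the I-Ds' timestamps, they say the 24th, but the mail posting date is the 25th. As for Daily IETF, I-D Announce and IETF Announce...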

While I do maintain that "it's coming from the LAN" is not a good #security boundary, there are services where it is practical (e.g. media center volume control), but also fault prone (oops, my phone just switched to LTE for power saving – a generally justified thing).

Before I start formalizing how "a device can retain permissions it gets from being local for a few days" could work with EST / #TLS / #EDHOC: Does this model have a name, and/or have you ever seen it discussed or deployed anywhere?

The demos themselves are not new, but compared to back in https://chaos.social/@chrysn/112679478336788933, a lot of the band-aids have come off. (Some were replaced by others, e.g. to work with the latest release of the Lakers #EDHOC implementation – the documentation can't build this way on readthedocs yet).
chrysn (@[email protected])

Attached: 1 image Granted, it's not exactly out of the box, but with some more patches and band-aids this is capable of establishing an EDHOC connection even from the browser. Full source at <https://github.com/chrysn/aiocoap/blob/master/contrib/edhoc-demo-server.ipynb> Once more, thanks @[email protected] and @[email protected] for providing that great infrastructure.

Lakers, an implementation of #EDHOC, i.e., lightweight security for #IoT, now uses formal verification to continuously check a first small part of its code using #hax and F*, proving our buffers won't reach out of their bounds and panic. Thanks @cryspen for making that tool rather straightforward to learn.

The #IETF122 hackathon starts in a few hours. I will be joining remotely, work on #EDHOC on @ariel (let's see if its out-of-the-box support also interoperates out-of-the-box), and play with #embeddedfriendly URIs expressed in #CBOR.

#IETF #IETFHackathon #ArielOS

Bad dotbot! No destroying the swarm today!
#RIOTSummit #IoT #robotics #EDHOC
Just released version 0.4.10 of #aioCoAP, the asynchronous #Python library for #CoAP. The latest feature is support for #EDHOC (RFC9528), a highly efficient key establishment protocol. Documentation is at <https://aiocoap.readthedocs.io/>; the demo server described at <https://coap.amsuess.com/> also offers EDHOC now.
aiocoap – The Python CoAP library — aiocoap 0.4.10.post0 documentation

A new lightweight authenticated key exchange protocol provides improved security with less overhead for Internet-of-Things devices. Read about #EDHOC, as described in #RFC9528 & #RFC9529, from LAKE Working Group co-chairs Mališa Vučinić & Stephen Farrell: https://www.ietf.org/blog/edhoc/
EDHOC - A new lightweight authenticated key exchange protocol provides improved security with less overhead for Internet-of-Things devices

Ephemeral Diffie-Hellman Over COSE (EDHOC) described in the recently-published RFC 9528 and RFC 9529 is a very compact, lightweight authenticated key exchange protocol, providing state-of-the-art security including mutual authentication, forward secrecy and identity protection.

If the goal of a hackathon is to connect with other teams and exchange ideas, the @RIOT_OS participation in the #IETF hackathon was quite successful. (If not, we still made some improvements and now have tested interoperability with other #EDHOC implementations).