Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cfrg-spake2plus-08> for your review
"Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org> Tue, 11 April 2023 20:14 UTC
Return-Path: <rfc-ise@rfc-editor.org>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B222C16B5CB; Tue, 11 Apr 2023 13:14:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7w9rTu80aEvU; Tue, 11 Apr 2023 13:14:01 -0700 (PDT)
Received: from [192.168.0.99] (77-58-144-232.dclient.hispeed.ch [77.58.144.232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPSA id 02906C151542; Tue, 11 Apr 2023 13:13:59 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------gvB0S5PgfLcF9IxX0UvsSzy6"
Message-ID: <13e5873f-26b2-130a-dbb8-45eb3bfceaba@rfc-editor.org>
Date: Tue, 11 Apr 2023 22:13:57 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.9.1
Content-Language: en-US
To: Lynne Bartholomew <lbartholomew@amsl.com>, Tim Taubert <ttaubert=40apple.com@dmarc.ietf.org>
Cc: "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, Chris Wood <caw@heapingbits.net>, auth48archive@rfc-editor.org
References: <20230404051056.3B12E4C288@rfcpa.amsl.com> <138CE338-D683-4EA4-96F0-0707E04848DC@apple.com> <E75C81C2-8C57-4EEB-8E2A-9935F12A300B@amsl.com> <A0E20B4A-15DC-49EA-BB54-4957E01F1061@apple.com> <DC3CB27D-C891-4C36-9C34-D6ADDF11F5D3@amsl.com> <014346ED-F04D-491F-B607-31F9E4C53720@apple.com> <1066E889-97DA-4FE8-BED5-D632FF768C3D@amsl.com>
From: "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
In-Reply-To: <1066E889-97DA-4FE8-BED5-D632FF768C3D@amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/FZDGPLrAYa6Y5skFa5kVuXhZk-Q>
Subject: Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cfrg-spake2plus-08> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Apr 2023 20:14:06 -0000
Ok, I've reviewed the document. I can confirm that the seeds in 9283 are in fact currently the same as those listed in draft-irtf-cfrg-spake2-26.txt, but the RPC should reconfirm this before releasing the RFCs. Otherwise approved. In the future, it may be good to *reference* such values... Eliot On 11.04.23 17:48, Lynne Bartholomew wrote: > Hi, Tim. > > We have changed "intermediate" to "input" (for IKM) per your note below. Thank you for pointing it out! > > We have also left "(setup protocol)" as is in the trace diagram, per this note on<https://github.com/chris-wood/draft-bar-cfrg-spake2plus/pull/35>: 'I think we should leave this as "setup protocol". It describes a phase of the protocol, not an action.' > > The latest files are posted here: > > https://www.rfc-editor.org/authors/rfc9383.txt > https://www.rfc-editor.org/authors/rfc9383.pdf > https://www.rfc-editor.org/authors/rfc9383.html > https://www.rfc-editor.org/authors/rfc9383.xml > https://www.rfc-editor.org/authors/rfc9383-diff.html > https://www.rfc-editor.org/authors/rfc9383-rfcdiff.html > https://www.rfc-editor.org/authors/rfc9383-auth48diff.html > https://www.rfc-editor.org/authors/rfc9383-lastdiff.html > https://www.rfc-editor.org/authors/rfc9383-lastrfcdiff.html > > https://www.rfc-editor.org/authors/rfc9383-xmldiff1.html > https://www.rfc-editor.org/authors/rfc9383-xmldiff2.html > > We have noted your approval on the AUTH48 status page: > > https://www.rfc-editor.org/auth48/rfc9383 > > Thanks again for your help and attentiveness to this document! > > RFC Editor/lb > > >> On Apr 11, 2023, at 5:16 AM, Tim Taubert<ttaubert=40apple.com@dmarc.ietf.org> wrote: >> >> Alice, >> >> Thank you for updating the draft files once more! >> >>> On Apr 7, 2023, at 20:48, Alice Russo<arusso@amsl.com> wrote: >>> >>> Tim, >>> >>> Thanks for your reply. Updated Section 1 accordingly (minus the word 'area' which I had mistakenly added in my email). The revised files are here (please refresh): >>> https://www.rfc-editor.org/authors/rfc9383.html >>> https://www.rfc-editor.org/authors/rfc9383.txt >>> https://www.rfc-editor.org/authors/rfc9383.pdf >>> https://www.rfc-editor.org/authors/rfc9383.xml >>> >>> This diff file shows all changes from the approved I-D: >>> https://www.rfc-editor.org/authors/rfc9383-diff.html >>> https://www.rfc-editor.org/authors/rfc9383-rfcdiff.html (side by side) >>> >>> This diff file shows the changes made during AUTH48 thus far: >>> https://www.rfc-editor.org/authors/rfc9383-auth48diff.html >>> >>> This diff file shows only the changes since the last posted version: >>> https://www.rfc-editor.org/authors/rfc9383-lastrfcdiff.html (side by side) >>> >>> Regarding the items that overlap with 9382: >>> - Per your note in github: >>>> I think we should leave this as "setup protocol". It describes a phase of the protocol, not an action. >>> no change to "setup protocol". Will confirm with the authors of 9382. >>> - Open item re: IKM's expansion (#9 inhttps://mailarchive.ietf.org/arch/msg/auth48archive/UhnTFML-8Ns1LXCAaavjZS04-5o/) >>> >> The PR changes “intermediate” to “input”. I missed pointing that out, sorry. I agree that this should be “input key material”. >> >> As far as I am concerned, this is the last open item before the RFC can be approved for publication. >> >> — Tim >> >> >>> We will wait to hear from you again and from your coauthors >>> before continuing the publication process. This page shows >>> the AUTH48 status of your document: >>> https://www.rfc-editor.org/auth48/rfc9383 >>> >>> Thank you. >>> RFC Editor/ar >>> >>>> On Apr 6, 2023, at 10:55 PM, Tim Taubert<ttaubert=40apple.com@dmarc.ietf.org> wrote: >>>> >>>> Alice, >>>> >>>> Thank you. I have updated the PR with the changes you suggested. >>>> >>>>> On Apr 6, 2023, at 22:49, Alice Russo<arusso@amsl.com> wrote: >>>>> >>>>> Re: #2 >>>>> Remains open; please let us know any keywords for this document (beyond those that appear in the title). >>>>> >>>> The keywords that appear in the title are, I think, sufficient. >>>> >>>>> Re: #5 >>>>> In your provided text, FYI we moved "for example" to the beginning of the sentence for readability. In addition, should it be rephrased as follows to clarify the constraints? >>>>> >>>>> Current: >>>>> For example, a constraint may be physical proximity through a local >>>>> network or when initiation of the protocol requires a first >>>>> authentication factor. >>>>> >>>>> Perhaps: >>>>> For example, a constraint may be when physical proximity through a local >>>>> are network is required or when a first authentication factor is required >>>>> for initiation of the protocol. >>>>> >>>> This is a good suggestion. I updated the PR. >>>> >>>>> Re: #14 >>>>> In your provided text, FYI we changed "does" to "do", as the subject is plural (the choice, its parameters, and the distribution). Also, added "the" before "distribution". >>>>> >>>>> Current: >>>>> Since the choice of PBKDF, its >>>>> parameters for computing w0 and w1, and the distribution of w0 and w1 >>>>> do not affect interoperability, the PBKDF is not included as part of >>>>> the ciphersuite. >>>>> >>>> Updated the PR with this suggestion as well. >>>> >>>>> Re: #17 and #18 >>>>> Thank you for providing the line breaks and indentation for the longer lines. We suggest reviewing that it has been updated as intended. >>>> Reviewed the updates. They look good, thanks! >>>> >>>> — Tim >>>> >>>> >>>>> We will wait to hear from you again and from your coauthor >>>>> before continuing the publication process. This page shows >>>>> the AUTH48 status of your document: >>>>> https://www.rfc-editor.org/auth48/rfc9383 >>>>> >>>>> Thank you. >>>>> RFC Editor/ar >>>>> >>>>>> On Apr 6, 2023, at 9:03 AM, Tim Taubert<ttaubert=40apple.com@dmarc.ietf.org> wrote: >>>>>> >>>>>> Hi all, >>>>>> >>>>>> Thanks for the great comments and suggestions! We submitted a new pull request which should address all draft feedback: >>>>>> >>>>>> https://github.com/chris-wood/draft-bar-cfrg-spake2plus/pull/35 >>>>>> >>>>>> >>>>>> — Tim >>>>>> >>>>>> >>>>>> >>>>>>> On 4. Apr 2023, at 07:10,rfc-editor@rfc-editor.org wrote: >>>>>>> >>>>>>> Authors, >>>>>>> >>>>>>> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file. >>>>>>> >>>>>>> 1) <!-- [rfced] We updated the document title as follows, to define >>>>>>> "PAKE". We also added "Protocol" per wording in the Abstract and >>>>>>> Introduction. Please let us know any objections. >>>>>>> >>>>>>> Original: >>>>>>> SPAKE2+, an Augmented PAKE >>>>>>> >>>>>>> Currently: >>>>>>> SPAKE2+, an Augmented Password-Authenticated Key Exchange (PAKE) >>>>>>> Protocol --> >>>>>>> >>>>>>> >>>>>>> 2) <!-- [rfced] Please insert any keywords (beyond those that appear in the >>>>>>> title) for use on<https://www.rfc-editor.org/search>. --> >>>>>>> >>>>>>> >>>>>>> 3) <!-- [rfced] Section 1: Does "other party's" refer to the other >>>>>>> party or to the party that makes direct use of the password? If >>>>>>> neither suggestion below is correct, please clarify this text. >>>>>>> >>>>>>> Original (the previous sentence is included for context): >>>>>>> SPAKE2+ >>>>>>> is an augmented PAKE protocol, as only one party makes direct use of >>>>>>> the password during the execution of the protocol. The other party >>>>>>> only needs a record corresponding to the other party's registration >>>>>>> at the time of the protocol execution instead of the password. >>>>>>> >>>>>>> Suggestion A ("other party's" refers to the other party): >>>>>>> SPAKE2+ >>>>>>> is an augmented PAKE protocol, as only one party makes direct use of >>>>>>> the password during the execution of the protocol. The other party >>>>>>> only needs a record corresponding to its own registration at the >>>>>>> time of the protocol execution instead of the password. >>>>>>> >>>>>>> Suggestion B ("other party's" refers to the party that makes direct >>>>>>> use of the password): >>>>>>> SPAKE2+ >>>>>>> is an augmented PAKE protocol, as only one party makes direct use of >>>>>>> the password during the execution of the protocol. The other party >>>>>>> only needs a record corresponding to the first party's registration >>>>>>> at the time of the protocol execution instead of the password. --> >>>>>>> >>>>>>> >>>>>>> 4) <!-- [rfced] Sections 1 and 3: We found the use of the word "which" in >>>>>>> these sentences confusing. For example, in the first sentence >>>>>>> listed below, do balanced PAKEs never benefit from Password Hashing >>>>>>> Functions to the same extent (in which case a comma before "which" >>>>>>> would be correct), or do balanced PAKEs sometimes benefit from >>>>>>> Password Hashing Functions to the same extent (in which case "that" >>>>>>> would be correct)? In the second sentence, does "which" apply to the >>>>>>> data or the identities? >>>>>>> >>>>>>> If the suggested text is not correct, please provide clarifying text, >>>>>>> taking into account whether or not the intent is to indicate "all >>>>>>> cases" or "some cases". >>>>>>> >>>>>>> Original: >>>>>>> The record cannot be used directly to >>>>>>> successfully run the protocol as a prover, making this protocol more >>>>>>> robust than balanced PAKEs which don't benefit from Password Hashing >>>>>>> Functions to the same extent. >>>>>>> ... >>>>>>> The parties may share additional data >>>>>>> (the context) separate from their identities which they may want to >>>>>>> include in the protocol transcript. >>>>>>> ... >>>>>>> One example of additional data >>>>>>> is a list of supported protocol versions if SPAKE2+ were used in a >>>>>>> higher-level protocol which negotiates the use of a particular PAKE. >>>>>>> >>>>>>> Suggested ("all cases", "all cases", and "some cases"): >>>>>>> The record cannot be used directly to >>>>>>> successfully run the protocol as a prover, making this protocol more >>>>>>> robust than balanced PAKEs, which don't benefit from Password >>>>>>> Hashing Functions to the same extent. >>>>>>> ... >>>>>>> The parties may share additional data >>>>>>> (the context) separate from their identities, which they may want to >>>>>>> include in the protocol transcript. >>>>>>> ... >>>>>>> One example of additional data >>>>>>> is a list of supported protocol versions if SPAKE2+ were used in a >>>>>>> higher-level protocol that negotiates the use of a particular PAKE. --> >>>>>>> >>>>>>> >>>>>>> 5) <!-- [rfced] Section 1: This sentence does not parse. Please >>>>>>> clarify the meaning of "consist in being in" and "or when". >>>>>>> >>>>>>> Original: >>>>>>> Constraints may consist in being in physical proximity through a >>>>>>> local network or when initiation of the protocol requires a first >>>>>>> authentication factor. --> >>>>>>> >>>>>>> >>>>>>> 6) <!-- [rfced] Section 3: "fix a generate P" reads oddly. Should >>>>>>> some words be added or removed? >>>>>>> >>>>>>> Original (the next sentence is included for context): >>>>>>> We fix a generate P of (large) prime-order subgroup of G. P is >>>>>>> specified in the document defining the group, and so we do not repeat >>>>>>> it here. >>>>>>> >>>>>>> Possibly ("generated" instead of "generate" and clarifying the >>>>>>> meaning of "the document"): >>>>>>> We fix a generated point P of the (large) prime-order subgroup of G. >>>>>>> P will be specified in the document that defines the group, and so we >>>>>>> do not repeat it here. --> >>>>>>> >>>>>>> >>>>>>> 7) <!--[rfced] FYI, we asked about "intermediate" in "IKM" in >>>>>>> RFC-to-be 9382; see question #9 in the mail to the authors of that >>>>>>> document (https://mailarchive.ietf.org/arch/msg/auth48archive/UhnTFML-8Ns1LXCAaavjZS04-5o/). >>>>>>> We will check with you before making updates. >>>>>>> --> >>>>>>> >>>>>>> >>>>>>> 8) <!--[rfced] FYI, we asked about "setup protocol" in RFC-to-be 9382; >>>>>>> see question #6 in the mail to the authors of that document >>>>>>> (https://mailarchive.ietf.org/arch/msg/auth48archive/UhnTFML-8Ns1LXCAaavjZS04-5o/). >>>>>>> We will check with you before making updates. >>>>>>> --> >>>>>>> >>>>>>> >>>>>>> 9) <!-- [rfced] Please review the "type" attribute of each artwork >>>>>>> element in the XML file. Should any of the artwork elements be >>>>>>> tagged as sourcecode? Please see >>>>>>> <https://www.rfc-editor.org/materials/sourcecode-types.txt>. >>>>>>> For example, could some artwork be listed as sourcecode with >>>>>>> type="pseudocode" or - in Section 4 and Appendix C - "test-vectors"? >>>>>>> --> >>>>>>> >>>>>>> >>>>>>> 10) <!-- [rfced] Sections 3.2 and 3.3: Should "represented as the empty >>>>>>> octet string" be "represented as an empty octet string"? >>>>>>> >>>>>>> Original: >>>>>>> If an identity is unknown at the time of computing w0s or w1s, its >>>>>>> length is given as zero and the identity itself is represented as the >>>>>>> empty octet string. >>>>>>> ... >>>>>>> If an identity is absent, its length is given as zero and the >>>>>>> identity itself is represented as the empty octet string. >>>>>>> >>>>>>> Possibly: >>>>>>> If an identity is unknown at the time of computing w0s or w1s, its >>>>>>> length is given as zero and the identity itself is represented as an >>>>>>> empty octet string. >>>>>>> ... >>>>>>> If an identity is absent, its length is given as zero and the >>>>>>> identity itself is represented as an empty octet string. --> >>>>>>> >>>>>>> >>>>>>> 11) <!-- [rfced] Section 3.3: We found the use of "that" in this >>>>>>> sentence confusing. Are Z and V always shared as common values, >>>>>>> or only sometimes? >>>>>>> >>>>>>> Original: >>>>>>> Both participants compute Z and V that are now shared as common >>>>>>> values. >>>>>>> >>>>>>> Possibly (Z and V are always shared after both participants compute >>>>>>> them): >>>>>>> Both participants compute Z and V; Z and V are then shared as common >>>>>>> values. --> >>>>>>> >>>>>>> >>>>>>> 12) <!-- [rfced] Section 3.3: To what does "that which" refer in this >>>>>>> sentence? If the suggested text is not correct, please provide >>>>>>> clarifying text. >>>>>>> >>>>>>> Original: >>>>>>> Key >>>>>>> confirmation verification requires recomputation of confirmP or >>>>>>> confirmV and checking for equality against that which was received. >>>>>>> >>>>>>> Suggested: >>>>>>> Key >>>>>>> confirmation verification requires recomputation of confirmP or >>>>>>> confirmV and checking for equality against the data that was >>>>>>> received. --> >>>>>>> >>>>>>> >>>>>>> 13) <!-- [rfced] Section 3.4: We expanded "AEAD" as "Authenticated >>>>>>> Encryption with Associated Data". If this is incorrect, please >>>>>>> provide the correct expansion. >>>>>>> >>>>>>> Original: >>>>>>> For example, applications >>>>>>> MAY derive one or more AEAD keys and nonces from K_shared for >>>>>>> subsequent application data encryption. >>>>>>> >>>>>>> Currently: >>>>>>> For example, applications >>>>>>> MAY derive one or more Authenticated Encryption with Associated Data >>>>>>> (AEAD) keys and nonces from K_shared for subsequent application data >>>>>>> encryption. --> >>>>>>> >>>>>>> >>>>>>> 14) <!-- [rfced] Section 4: Does "distributing" refer to w0 and w1, or >>>>>>> something else? >>>>>>> >>>>>>> Original: >>>>>>> Since the choice of PBKDF and >>>>>>> its parameters for computing w0 and w1 and distributing does not >>>>>>> affect interoperability, the PBKDF is not included as part of the >>>>>>> ciphersuite. >>>>>>> >>>>>>> Possibly: >>>>>>> Since the choice of PBKDF and >>>>>>> its parameters for computing and distributing w0 and w1 does not >>>>>>> affect interoperability, the PBKDF is not included as part of the >>>>>>> ciphersuite. --> >>>>>>> >>>>>>> >>>>>>> 15) <!-- [rfced] Table 1: We do not see "SHA512", "SHA-512", or "512" >>>>>>> in RFC 5869. Will these citations in this table be clear to readers? >>>>>>> >>>>>>> We have the same question for SHA256, and SHA512; we do not see them >>>>>>> listed in RFC 2104. --> >>>>>>> >>>>>>> >>>>>>> 16) <!-- [rfced] Appendices A.1 and A.2: "behavior consists of" reads >>>>>>> oddly in these sentences. If the suggested text is not correct, >>>>>>> please clarify. >>>>>>> >>>>>>> Original: >>>>>>> The Prover's behavior consists of two functions, ProverInit and >>>>>>> ProverFinish, which are described below. >>>>>>> ... >>>>>>> The Verifier's behavior consists of a single function, >>>>>>> VerifierFinish, which is described below. >>>>>>> >>>>>>> Suggested: >>>>>>> The Prover's process involves two functions, ProverInit and >>>>>>> ProverFinish, which are described below. >>>>>>> ... >>>>>>> The Verifier's process involves a single function, VerifierFinish, >>>>>>> which is described below. --> >>>>>>> >>>>>>> >>>>>>> 17) <!-- [rfced] Appendix A.3: FYI, due to the line-length limitation, >>>>>>> we have added a line break as follows. (The subsequent line is >>>>>>> indented 2 characters; similar indentation is used in RFC 8805.) >>>>>>> Please let us know if you prefer otherwise. >>>>>>> >>>>>>> Original: >>>>>>> def ComputeTranscript(Context, idProver, idVerifier, shareP, shareV, Z, V, w0): >>>>>>> >>>>>>> Current: >>>>>>> def ComputeTranscript(Context, idProver, idVerifier, shareP, shareV, >>>>>>> Z, V, w0): >>>>>>> >>>>>>> Also, please let us know if you'd like to add a sentence such as >>>>>>> "Line breaks have been added due to line-length limitations" >>>>>>> (as used in RFC 7790 and other documents). >>>>>>> --> >>>>>>> >>>>>>> >>>>>>> 18) <!--[rfced] Appendix A.5: Similar to above, may we add a line break >>>>>>> (in 2 instances) so that this artwork is not "outdented" into the >>>>>>> left margin in the text output? To summarize line-length limitations: >>>>>>> * 72 characters for artwork elements. (Note: in the text output, >>>>>>> the renderer will "outdent" into the left margin for artwork >>>>>>> that is over 69 characters.) >>>>>>> * 69 characters for sourcecode elements. >>>>>>> >>>>>>> Original (2 instances): >>>>>>> TT = ComputeTranscript(Context, idProver, idVerifier, X, Y, Z, V, w0) >>>>>>> >>>>>>> Perhaps: >>>>>>> TT = ComputeTranscript(Context, idProver, idVerifier, X, Y, Z, >>>>>>> V, w0) >>>>>>> --> >>>>>>> >>>>>>> >>>>>>> 19) <!-- [rfced] Appendix B: We found "the table below" in this >>>>>>> sentence confusing, as there isn't a table below this text. >>>>>>> We find '"1.3.132.0.35 point generation seed (M)" for P-512' >>>>>>> confusing as well, because we see 1.3.132.0.35 associated with P521 >>>>>>> ("For P521:") in Section 4. >>>>>>> >>>>>>> (We also see 1.3.132.0.35 associated with P521 on >>>>>>> <http://www.oid-info.com/ >>>>>>> cgi-bin/display?oid=1.3.132.0.35&action=display> and in RFC 5480.) >>>>>>> >>>>>>> May we change "table" to "Python snippet", per the paragraph just >>>>>>> before the Python snippet? >>>>>>> Should either P-512 or P521 (but not both) be used to refer to >>>>>>> 1.3.132.0.35? >>>>>>> >>>>>>> Original: >>>>>>> For each curve in the table below, we construct a string using the >>>>>>> curve OID from [RFC5480] (as an ASCII string) or its name, combined >>>>>>> with the needed constant, for instance "1.3.132.0.35 point >>>>>>> generation seed (M)" for P-512. >>>>>>> >>>>>>> Possibly: >>>>>>> For each curve in the Python snippet below, we construct a string >>>>>>> using the curve OID from [RFC5480] (as an ASCII string) or its name, >>>>>>> combined with the needed constant - for instance, "1.3.132.0.35 point >>>>>>> generation seed (M)" for P521. --> >>>>>>> >>>>>>> >>>>>>> 20) <!--[rfced] Appendix C: FYI, the one large artwork element has been >>>>>>> separated, as there seems to be 7 vectors. Please let us know if you >>>>>>> prefer otherwise. >>>>>>> --> >>>>>>> >>>>>>> >>>>>>> 21) <!-- [rfced] Please review the "Inclusive Language" portion of the >>>>>>> online Style Guide at<https://www.rfc-editor.org/styleguide/part2/#inclusive_language>, >>>>>>> and let us know if any changes are needed. >>>>>>> >>>>>>> Note that our script did not flag any words in particular, but this >>>>>>> should still be reviewed as a best practice. --> >>>>>>> >>>>>>> >>>>>>> 22) <!-- [rfced] The following term appears to be used inconsistently in >>>>>>> this document. Please let us know which form is preferred. >>>>>>> >>>>>>> Password Hashing Function / password hash function --> >>>>>>> >>>>>>> >>>>>>> Thank you. >>>>>>> >>>>>>> RFC Editor/ar/lb >>>>>>> >>>>>>> >>>>>>> On Apr 3, 2023,rfc-editor@rfc-editor.org wrote: >>>>>>> >>>>>>> *****IMPORTANT***** >>>>>>> >>>>>>> Updated 2023/04/03 >>>>>>> >>>>>>> RFC Author(s): >>>>>>> -------------- >>>>>>> >>>>>>> Instructions for Completing AUTH48 >>>>>>> >>>>>>> Your document has now entered AUTH48. Once it has been reviewed and >>>>>>> approved by you and all coauthors, it will be published as an RFC. >>>>>>> If an author is no longer available, there are several remedies >>>>>>> available as listed in the FAQ (https://www.rfc-editor.org/faq/). >>>>>>> >>>>>>> You and you coauthors are responsible for engaging other parties >>>>>>> (e.g., Contributors or Working Group) as necessary before providing >>>>>>> your approval. >>>>>>> >>>>>>> Planning your review >>>>>>> --------------------- >>>>>>> >>>>>>> Please review the following aspects of your document: >>>>>>> >>>>>>> * RFC Editor questions >>>>>>> >>>>>>> Please review and resolve any questions raised by the RFC Editor >>>>>>> that have been included in the XML file as comments marked as >>>>>>> follows: >>>>>>> >>>>>>> <!-- [rfced] ... --> >>>>>>> >>>>>>> These questions will also be sent in a subsequent email. >>>>>>> >>>>>>> * Changes submitted by coauthors >>>>>>> >>>>>>> Please ensure that you review any changes submitted by your >>>>>>> coauthors. We assume that if you do not speak up that you >>>>>>> agree to changes submitted by your coauthors. >>>>>>> >>>>>>> * Content >>>>>>> >>>>>>> Please review the full content of the document, as this cannot >>>>>>> change once the RFC is published. Please pay particular attention to: >>>>>>> - IANA considerations updates (if applicable) >>>>>>> - contact information >>>>>>> - references >>>>>>> >>>>>>> * Copyright notices and legends >>>>>>> >>>>>>> Please review the copyright notice and legends as defined in >>>>>>> RFC 5378 and the Trust Legal Provisions >>>>>>> (TLP –https://trustee.ietf.org/license-info/). >>>>>>> >>>>>>> * Semantic markup >>>>>>> >>>>>>> Please review the markup in the XML file to ensure that elements of >>>>>>> content are correctly tagged. For example, ensure that <sourcecode> >>>>>>> and <artwork> are set correctly. See details at >>>>>>> <https://authors.ietf.org/rfcxml-vocabulary>. >>>>>>> >>>>>>> * Formatted output >>>>>>> >>>>>>> Please review the PDF, HTML, and TXT files to ensure that the >>>>>>> formatted output, as generated from the markup in the XML file, is >>>>>>> reasonable. Please note that the TXT will have formatting >>>>>>> limitations compared to the PDF and HTML. >>>>>>> >>>>>>> >>>>>>> Submitting changes >>>>>>> ------------------ >>>>>>> >>>>>>> To submit changes, please reply to this email using ‘REPLY ALL’ as all >>>>>>> the parties CCed on this message need to see your changes. The parties >>>>>>> include: >>>>>>> >>>>>>> * your coauthors >>>>>>> >>>>>>> *rfc-editor@rfc-editor.org (the RPC team) >>>>>>> >>>>>>> * other document participants, depending on the stream (e.g., >>>>>>> IETF Stream participants are your working group chairs, the >>>>>>> responsible ADs, and the document shepherd). >>>>>>> >>>>>>> *auth48archive@rfc-editor.org, which is a new archival mailing list >>>>>>> to preserve AUTH48 conversations; it is not an active discussion >>>>>>> list: >>>>>>> >>>>>>> * More info: >>>>>>> https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc >>>>>>> >>>>>>> * The archive itself: >>>>>>> https://mailarchive.ietf.org/arch/browse/auth48archive/ >>>>>>> >>>>>>> * Note: If only absolutely necessary, you may temporarily opt out >>>>>>> of the archiving of messages (e.g., to discuss a sensitive matter). >>>>>>> If needed, please add a note at the top of the message that you >>>>>>> have dropped the address. When the discussion is concluded, >>>>>>> auth48archive@rfc-editor.org will be re-added to the CC list and >>>>>>> its addition will be noted at the top of the message. >>>>>>> >>>>>>> You may submit your changes in one of two ways: >>>>>>> >>>>>>> An update to the provided XML file >>>>>>> — OR — >>>>>>> An explicit list of changes in this format >>>>>>> >>>>>>> Section # (or indicate Global) >>>>>>> >>>>>>> OLD: >>>>>>> old text >>>>>>> >>>>>>> NEW: >>>>>>> new text >>>>>>> >>>>>>> You do not need to reply with both an updated XML file and an explicit >>>>>>> list of changes, as either form is sufficient. >>>>>>> >>>>>>> We will ask a stream manager to review and approve any changes that seem >>>>>>> beyond editorial in nature, e.g., addition of new text, deletion of text, >>>>>>> and technical changes. Information about stream managers can be found in >>>>>>> the FAQ. Editorial changes do not require approval from a stream manager. >>>>>>> >>>>>>> >>>>>>> Approving for publication >>>>>>> -------------------------- >>>>>>> >>>>>>> To approve your RFC for publication, please reply to this email stating >>>>>>> that you approve this RFC for publication. Please use ‘REPLY ALL’, >>>>>>> as all the parties CCed on this message need to see your approval. >>>>>>> >>>>>>> >>>>>>> Files >>>>>>> ----- >>>>>>> >>>>>>> The files are available here: >>>>>>> https://www.rfc-editor.org/authors/rfc9383.xml >>>>>>> https://www.rfc-editor.org/authors/rfc9383.html >>>>>>> https://www.rfc-editor.org/authors/rfc9383.pdf >>>>>>> https://www.rfc-editor.org/authors/rfc9383.txt >>>>>>> >>>>>>> Diff file of the text: >>>>>>> https://www.rfc-editor.org/authors/rfc9383-diff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9383-rfcdiff.html (side by side) >>>>>>> >>>>>>> Diff of the XML: >>>>>>> https://www.rfc-editor.org/authors/rfc9383-xmldiff1.html >>>>>>> >>>>>>> Tracking progress >>>>>>> ----------------- >>>>>>> >>>>>>> The details of the AUTH48 status of your document are here: >>>>>>> https://www.rfc-editor.org/auth48/rfc9383 >>>>>>> >>>>>>> Please let us know if you have any questions. >>>>>>> >>>>>>> Thank you for your cooperation, >>>>>>> >>>>>>> RFC Editor >>>>>>> >>>>>>> -------------------------------------- >>>>>>> RFC9383 (draft-bar-cfrg-spake2plus-08) >>>>>>> >>>>>>> Title : SPAKE2+, an Augmented PAKE >>>>>>> Author(s) : T. Taubert, C.A. Wood >>>>>
- [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cfrg-s… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Tim Taubert
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Alice Russo
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Tim Taubert
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Alice Russo
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Tim Taubert
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Christopher Wood
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Independent Submissions Editor (Eliot Lear)
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Independent Submissions Editor (Eliot Lear)
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Christopher Wood
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Independent Submissions Editor (Eliot Lear)
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Christopher Wood
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Independent Submissions Editor (Eliot Lear)
- Re: [auth48] AUTH48: RFC-to-be 9383 <draft-bar-cf… Lynne Bartholomew