[Cfrg] Proposed PAKE Selection Process
Nick Sullivan <nick@cloudflare.com> Fri, 24 May 2019 18:39 UTC
Return-Path: <nick@cloudflare.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4E76120304 for <cfrg@ietfa.amsl.com>; Fri, 24 May 2019 11:39:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxdKBmz3w4lw for <cfrg@ietfa.amsl.com>; Fri, 24 May 2019 11:38:58 -0700 (PDT)
Received: from mail-ua1-x934.google.com (mail-ua1-x934.google.com [IPv6:2607:f8b0:4864:20::934]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A273812004B for <cfrg@irtf.org>; Fri, 24 May 2019 11:38:58 -0700 (PDT)
Received: by mail-ua1-x934.google.com with SMTP id 7so3999100uah.1 for <cfrg@irtf.org>; Fri, 24 May 2019 11:38:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=s/AleDONAnQK6k72krsZ0PqNL69jT+1homov9cfyiVI=; b=j5ubVg5yQK9MiavrQRzyBmn53hWK0rkxEAa9hFRDv0ssmlBa0OECpgDyj9fCQc5gLX 0T32+BkO8ODWhEXIqJXOvBSZbIrPEgw7jIglnoUEI94DSxOxXi7m0sSPemoh3bveTCwA 7+/lD/fk9HpIJZlxq512+WUyN4bfrTwNoR2uQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=s/AleDONAnQK6k72krsZ0PqNL69jT+1homov9cfyiVI=; b=YJlXMDC+887rLFoB7f4qrbxImxS7NuA+6N1zKrzHWo1F3hm9fQcpfPvOn90trRNIe9 B0I2jpYvvldd1P9ejig5XFBTnr+tFI4u1zUKebYGZUds6kDaWExRE6JSTuz5R10CtD82 YI/Q4zTid2j7jtjzeCJcm9xuj3TyGX4a2JkAbZwJAdzpRmMdKcqj/Auoj8X8PGitpXTE QJ9MMrAbPXPD5XBS32xpoLXBrRPaRWUBnsQeETsucf9ouSrr6vc9vaOCSF+qPK6zwSUE /4DtbAQLZ+GHJWwXdeZxqsIGDqRNf/3Dro8tY75Bh/3uCphtqhNoRviIqXKZ3E1lPmMl RQOg==
X-Gm-Message-State: APjAAAWvsdnRG+RSqVYuM+80WODzgI+Nh6TtTtzUeg+GS3cIWW8sCCTA piLNFy8Gt/cJxxdQzQqgTnM+WiUl2KK3JIGhMTcjmSe8+7kxZA==
X-Google-Smtp-Source: APXvYqxGv69usto4ue8asRVxpXypn7Q3yA6zbdsrzwr/vbslgf5PhQxxywgwhKRRfgOrkezYCCS5J/jvHLNlKv0uBwQ=
X-Received: by 2002:ab0:6099:: with SMTP id i25mr33583093ual.55.1558723136673; Fri, 24 May 2019 11:38:56 -0700 (PDT)
MIME-Version: 1.0
From: Nick Sullivan <nick@cloudflare.com>
Date: Fri, 24 May 2019 11:38:45 -0700
Message-ID: <CAFDDyk9RXZrBoQ0s0_cj_Q0PPYkaVjnx7voctz0TU8dL57B+1A@mail.gmail.com>
To: cfrg@irtf.org
Content-Type: multipart/alternative; boundary="000000000000dd88100589a6820b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/-J43ZsPw2J5MBC-k8y6--kJJtZk>
Subject: [Cfrg] Proposed PAKE Selection Process
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 May 2019 18:39:01 -0000
Dear CFRG, We’re planning to start the main phase of PAKE selection process. This proposal was developed by Stanislav Smyshlyaev with the support of the CFRG chairs. In addition to helping drive this PAKE selection process, Stanislav has been selected to the role of Secretary of the CFRG, a position that was previously vacant. To be 100% sure that the process will be as transparent and effective as possible, we would like to announce the proposed plan of handling the process. If you have any concerns about the plan, please send them to the chairs before 27.05.2019. Step 1, 01.06.2019-30.06.2019: · Call for candidate protocols. Note: the chairs especially encourage to nominate PAKEs that have been discussed in CFRG recently (the list can be found in the slides from IETF 104 CFRG session <https://www.ietf.org/proceedings/104/slides/slides-104-cfrg-pake-selection-01.pdf>, slide 9). Third Party nominations are encouraged. · Discussing the list of questions to be asked in addition to the ones that are present in RFC 8125. Starting point for such list of questions can be the questions gathered before IETF 104 (can be found in the slides from IETF 104 CFRG session <https://www.ietf.org/proceedings/104/slides/slides-104-cfrg-pake-selection-01.pdf>, slides 7-8). Step 2, 01.07.2019-19.07.2019: · The designers of the protocols (or persons who volunteered to push them forward) prepare papers with: a. expanded answers for all positions of RFC 8125; b. their own opinions on additional questions selected at Step 1 (they could be incomplete in some sense – for example, a designer of a PAKE might not be an expert in TLS and might not be able to reply how his PAKE can be incorporated in TLS 1.3). IETF 105 meeting: · The chairs give a review of the progress with the process and make corrections of plans. · The chairs enumerate questions (from the list that has been prepared during Step 1) which should be considered by independent reviewers before asking the Crypto Review Panel for reviews and analysis. For instance, it will be important that experts from other WGs consider how certain PAKEs fits into TLS 1.3, or into IoT devices. Further steps (subject to corrections after IETF 105 meeting). Step 3, 01.08.2019-15.08.2019: · Call for reviewers for the enumerated questions, which require additional consideration. · Crypto Review Panel members start the process of verification of security proofs of the candidates (Requirement 2 in RFC 8125). Step 4, 16.08.2019-15.09.2019: · The reviewers who volunteered at step 3 prepare their analysis regarding the assigned questions. · Crypto Review Panel members are in the process of verification of security proofs of the candidates (Requirement 2 in RFC 8125). Step 5, 16.09.2019-30.10.2019: · Crypto Review Panel members review all gathered materials on each of the protocols to prepare the final list of verified answers to the positions of RFC 8125 and all additional questions from the list that has been prepared during Step 1. · If additional explanations are needed, Crypto Review Panel members ask for them from the designers. · Crypto Review Panel members write overall reviews for all candidate PAKEs, based on the materials that have been gathered and verified. Step 6, 01.11.2019-16.11.2019: · CFRG chairs discuss the obtained reviews and make their recommendations to CFRG (or convey to CFRG that they can’t make a recommendation yet). IETF 106 meeting: · The chairs give a review of the progress with the process and make corrections of plans. · If everything is clear: o one (or more) PAKEs are selected; o the process with CFRG document “Recommendations for password-based authenticated key establishment in IETF protocols” is initiated: all practically important recommendations (parameter selection, protecting implementations against side-channel attacks, handling of counters etc.) must be given there; o at this point documents on usage of selected PAKEs in TLS/IPsec/etc. can be developed. Best regards, Nick on behalf of Stanislav, Kenny, and Alexey
- [Cfrg] Proposed PAKE Selection Process Nick Sullivan
- Re: [Cfrg] Proposed PAKE Selection Process William Whyte
- Re: [Cfrg] Proposed PAKE Selection Process Stephen Farrell
- Re: [Cfrg] Proposed PAKE Selection Process Stanislav V. Smyshlyaev
- Re: [Cfrg] Proposed PAKE Selection Process Hao, Feng
- [Cfrg] Nomination of AuCPace and CPace as balance… Björn Haase
- Re: [Cfrg] Proposed PAKE Selection Process Crockett, Eric
- Re: [Cfrg] Proposed PAKE Selection Process steve
- Re: [Cfrg] Proposed PAKE Selection Process Hugo Krawczyk
- Re: [Cfrg] Proposed PAKE Selection Process Björn Haase