Re: [Cfrg] PAKE selection process: status after Phase 1 and following steps // Information regarding SPAKE2

Björn Haase <bjoern.haase@endress.com> Fri, 19 July 2019 07:47 UTC

From: Björn Haase <bjoern.haase@endress.com>
To: Watson Ladd <watsonbladd@gmail.com>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: CFRG <cfrg@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Date: Fri, 19 Jul 2019 07:47:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/28La-UQyKqpDyaLeIZ_ikD5ccoY>

Dear Watson,

I have two remarks regarding your description of SPAKE2:

1.) Regarding request 2:

>R2:
>There is a security proof in
>
>Abdalla, M. and D. Pointcheval, "Simple Password-Based
>              Encrypted Key Exchange Protocols.", Feb 2005.
>
>              Appears in A.  Menezes, editor.  Topics in Cryptography-
>              CT-RSA 2005, Volume 3376 of Lecture Notes in Computer
>              Science, pages 191-208, San Francisco, CA, US.  Springer-
>              Verlag, Berlin, Germany.
>in the ROM.

I would like to add the pointer to the recent paper of Becerra, Ostrev, and Skrobot
https://eprint.iacr.org/2019/351
This paper addresses the problem that the proof from Abdalla and Pointcheval did not cover forward secrecy.
(I actually did not yet find time to review and analyze it in detail but it did pass peer review for ProvSec 2018.)
I.e. since 2018 SPAKE2 has a proof regarding forward secrecy.


2.) "Trusted Setup"

I have the impression that we have a wording / language problem here. My understanding is the following: When using the term "trusted setup" most people on the list might explicitly be referring to special points as used in constructions such as TBPEKE, VTBPEKE, SPAKE2 (and CPace with patent circumvention from Appendix A of the AuCPace paper).

Agreeing on this wording aspect might be important for the discussion, because this (in my opinion) is the specific advantage of constructions such as J-PAKE.
My suggestion is: Let's agree on the wording "Trusted setup" includes "Special points".






Best Regards

Dr. Björn Haase 

Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221
bjoern.haase@endress.com |  www.conducta.endress.com 
