Re: [Cfrg] 40 bit loop and DragonFly

"Dan Harkins" <dharkins@lounge.org> Tue, 07 January 2014 17:47 UTC

Date: Tue, 07 Jan 2014 09:47:17 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: trevp@trevp.net, cfrg@irtf.org

On Tue, January 7, 2014 5:47 am, Watson Ladd wrote:
> Try writing up SPAKE2, submit it, and see how long it takes to
> get a good standard through.

  You're the one proposing it, why don't you? In fact, since you have
previously stated it really only takes 30 minutes to write an
interoperable standard why don't you do it during your lunch hour?

> Dragonfly has unfixable flaws relating to its provable security that will
> prevent me from endorsing it for any protocol, ever. I am not alone in
> thinking that we should expect more from the protocols we standardize.
>
> Also, is this implemented in OpenSSL or NSS or PolarSSL? Not yet.

  ZZzzzztt! Wrong. I implemented it in OpenSSL. That's where Appendix
A of draft-ietf-tls-pwd came from. In fact, the sample exchange was
from my EST client talking to my EST server being authenticated with
TLS-pwd.

> Lastly, if this was needed for EST to work, they should have noticed
> this dependency, and tackled it head on. That they punted on
> this problem does not mean it is our responsibility to fix it.

  You use pronouns very loosely. And you exaggerate a bit too much.
Nobody said it was necessary for EST to work. It's needed for EST to
be deployed properly in many situations where there is no trust
anchor database established before the EST exchange is initiated.
There is a chicken-and-egg problem with needing a certificate to
get a certificate. Understand?

  Dan.