Re: [Cfrg] 40 bit loop and DragonFly

"Dan Harkins" <> Tue, 07 January 2014 17:47 UTC

Date: Tue, 7 Jan 2014 09:47:17 -0800 (PST)
From: "Dan Harkins" <>
To: "Watson Ladd" <>
Subject: Re: [Cfrg] 40 bit loop and DragonFly
List-Id: Crypto Forum Research Group <>

On Tue, January 7, 2014 5:47 am, Watson Ladd wrote:
> Try writing up SPAKE2, submit it, and see how long it takes to
> get a good standard through.

  You're the one proposing it; why don't you? In fact, since you have
previously stated it really only takes 30 minutes to write an
interoperable standard, why don't you do it during your lunch hour?

> Dragonfly has unfixable flaws relating to its provable security that will
> prevent me from endorsing it for any protocol, ever. I am not alone in
> thinking that we should expect more from the protocols we standardize.
> Also, is this implemented in OpenSSL or NSS or PolarSSL? Not yet.

  ZZzzzztt! Wrong. I implemented it in OpenSSL. That's where Appendix
A of draft-ietf-tls-pwd came from. In fact, the sample exchange was
from my EST client talking to my EST server being authenticated with

> Lastly, if this was needed for EST to work, they should have noticed
> this dependency, and tackled it head on. That they punted on
> this problem does not mean it is our responsibility to fix it.

  You use pronouns very loosely. And you exaggerate a bit too much.
Nobody said it was necessary for EST to work. It's needed for EST to
be deployed properly in many situations where there is no trust
anchor database established before the EST exchange is initiated.
There is a chicken-and-egg problem with needing a certificate to
get a certificate. Understand?