[Cfrg] Fwd: New Version Notification for draft-krawczyk-cfrg-opaque-06.txt
Hugo Krawczyk <hugokraw@gmail.com> Sat, 20 June 2020 04:25 UTC
A new version of draft-krawczyk-cfrg-opaque is available. It has an important change in the way secret information under the envelope EnvU is protected. There is no form of optional encryption or use of counter mode anymore. Instead it defines a very specific mechanism: secret information included in EnvU is xor-ed with a pseudorandom pad derived from RwdU, and HMAC is computed on the concatenation of this value and any non-secret information included in EnvU. This simple mechanism satisfies the encryption requirement of OPAQUE and obviates any need to specify other RKR-secure schemes. In particular, it eliminates the "temptation" to use non-RKR modes such as GCM. Performance considerations are insignificant here as EnvU requires encryption of very short plaintexts.

Applications that require sending additional information (e.g., non-OPAQUE user secrets stored at the server) will use ExportKey (previously called KdKey) with any encryption scheme of their choice. No RKR requirement in this case. See Section 4 for the details.

This version also corrects a typo in the specification of SIGMA (the identities in messages K2 and K3 got mixed up in version 05 of the draft).

Very important: This draft is still intended as a high-level description of the protocol and its components. A detailed specification is underway and will be posted shortly as draft-irtf-cfrg-opaque. OPAQUE implementers should follow the specifications in that document.

Hugo

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Sat, Jun 20, 2020 at 12:20 AM
Subject: New Version Notification for draft-krawczyk-cfrg-opaque-06.txt
To: Hugo Krawczyk <hugokraw@gmail.com>

A new version of I-D, draft-krawczyk-cfrg-opaque-06.txt has been successfully submitted by Hugo Krawczyk and posted to the IETF repository.
Name: draft-krawczyk-cfrg-opaque
Revision: 06
Title: The OPAQUE Asymmetric PAKE Protocol
Document date: 2020-06-19
Group: Individual Submission
Pages: 26
URL: https://www.ietf.org/internet-drafts/draft-krawczyk-cfrg-opaque-06.txt
Status: https://datatracker.ietf.org/doc/draft-krawczyk-cfrg-opaque/
Htmlized: https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-06
Htmlized: https://datatracker.ietf.org/doc/html/draft-krawczyk-cfrg-opaque
Diff: https://www.ietf.org/rfcdiff?url2=draft-krawczyk-cfrg-opaque-06

Abstract:

This draft describes the OPAQUE protocol, a secure asymmetric password authenticated key exchange (aPAKE) that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise. Prior aPAKE protocols did not use salt and if they did, the salt was transmitted in the clear from server to user allowing for the building of targeted pre-computed dictionaries. OPAQUE security has been proven by Jarecki et al. (Eurocrypt 2018) in a strong and universally composable formal model of aPAKE security. In addition, the protocol provides forward secrecy and the ability to hide the password from the server even during password registration.

Strong security, versatility through modularity, good performance, and an array of additional features make OPAQUE a natural candidate for practical use and for adoption as a standard. To this end, this draft presents several instantiations of OPAQUE and ways of integrating OPAQUE with TLS.

This draft presents a high-level description of OPAQUE, highlighting its components and modular design. It also provides the basis for a specification for standardization but a detailed specification ready for implementation is beyond the scope of this document. Implementers of OPAQUE should ONLY follow the precise specification in the upcoming draft-irtf-cfrg-opaque.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
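The envelope mechanism Hugo's message describes (secret part of EnvU xor-ed with a pad derived from RwdU, HMAC over the concatenation of the masked secret and the non-secret part, and ExportKey as a separate key for application data), as an added illustration that is not code from the original post or from the draft. It assumes HKDF-Expand with HMAC-SHA256 as the derivation function and uses constructed labels (`example:Pad`, `example:AuthKey`, `example:ExportKey`); the draft's own labels and field encodings are not reproduced. `RWDU`, `SECRET` and `CLEARTEXT` are constructed stand-ins for the OPRF-derived key, the client's secret and the public envelope contents.

```python
import hashlib
import hmac

HASH = hashlib.sha256
TAG_LEN = 32


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256.

    Assumption for this example: the pad, the HMAC key and ExportKey are all
    expanded from RwdU under distinct labels; the draft's exact labels are
    not reproduced here.
    """
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_envelope_keys(rwdu: bytes, secret_len: int):
    """Three independent secrets from RwdU (labels constructed for this example)."""
    pad = hkdf_expand(rwdu, b"example:Pad", secret_len)
    auth_key = hkdf_expand(rwdu, b"example:AuthKey", TAG_LEN)
    export_key = hkdf_expand(rwdu, b"example:ExportKey", TAG_LEN)
    return pad, auth_key, export_key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and secret lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def seal_envelope(rwdu: bytes, secret: bytes, cleartext: bytes):
    """Build EnvU: masked secret, cleartext part, HMAC over their concatenation.

    Returns (masked, cleartext, tag, export_key); ExportKey is handed back so
    the application can protect its own data with any scheme it likes.
    """
    pad, auth_key, export_key = derive_envelope_keys(rwdu, len(secret))
    masked = xor_bytes(secret, pad)
    tag = hmac.new(auth_key, masked + cleartext, HASH).digest()
    return masked, cleartext, tag, export_key


def open_envelope(rwdu: bytes, masked: bytes, cleartext: bytes,
                  tag: bytes, secret_len: int):
    """Verify and unmask EnvU. Returns (secret, export_key) or None.

    The length check is this example's own hardening: the tag covers a plain
    concatenation, so a verifier that does not pin the boundary between the
    masked and cleartext parts could accept an envelope re-split at a
    different offset and unmask a truncated secret.
    """
    if len(masked) != secret_len or len(tag) != TAG_LEN:
        return None
    pad, auth_key, export_key = derive_envelope_keys(rwdu, secret_len)
    expected = hmac.new(auth_key, masked + cleartext, HASH).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong password (wrong RwdU) or tampered envelope
    return xor_bytes(masked, pad), export_key


# Constructed sample values: RwdU stands in for the OPRF-derived key; the
# secret and cleartext stand in for the client private key and server public
# key that EnvU would carry.
RWDU = HASH(b"constructed RwdU for the example").digest()
WRONG_RWDU = HASH(b"constructed RwdU from a wrong password").digest()
SECRET = bytes(range(32))
CLEARTEXT = b"constructed server public key"


def demo() -> dict:
    """Seal once, then open with the right key, a wrong key, and a flipped byte."""
    masked, ct, tag, export_key = seal_envelope(RWDU, SECRET, CLEARTEXT)
    good = open_envelope(RWDU, masked, ct, tag, len(SECRET))
    wrong_pw = open_envelope(WRONG_RWDU, masked, ct, tag, len(SECRET))
    flipped = bytes([masked[0] ^ 1]) + masked[1:]
    tampered = open_envelope(RWDU, flipped, ct, tag, len(SECRET))
    return {
        "recovered": good is not None and good[0] == SECRET,
        "export_key_matches": good is not None and good[1] == export_key,
        "wrong_password_rejected": wrong_pw is None,
        "tamper_rejected": tampered is None,
    }


if __name__ == "__main__":
    print(demo())
```

The HMAC key, the pad and ExportKey are all expanded from RwdU under different labels, so verification of the tag fails under a wrong password before any unmasking happens, and nothing about the masked bytes leaks which password was tried beyond the single HMAC comparison; the pad is only ever used once per RwdU, which is what makes the xor safe where a reused counter-mode keystream would not be.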