Re: [Cfrg] [Crypto-panel] Fwd: I-D Action: draft-irtf-cfrg-spake2-12.txt

Björn Haase <bjoern.m.haase@web.de> Sun, 20 September 2020 14:48 UTC

Return-Path: <bjoern.m.haase@web.de>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1740C3A098E for <cfrg@ietfa.amsl.com>; Sun, 20 Sep 2020 07:48:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=web.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2FwUsR86w2Wh for <cfrg@ietfa.amsl.com>; Sun, 20 Sep 2020 07:48:37 -0700 (PDT)
Received: from mout.web.de (mout.web.de [212.227.15.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D51773A098C for <cfrg@irtf.org>; Sun, 20 Sep 2020 07:48:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1600613313; bh=JUEGiR80W+vDkr+lffCo4OSDDzodOXNKPMcKiAeKOjI=; h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To; b=BPW7eJAm+Eaz3W/3WkJkCcZW4RFNsp9Eynst4Msh2bsm3kMGLg7WkY74kK0/wGWFL UxW6XBSZgesmpGRv/jDcDAsyF/WRTAfF9JtC/Se9VOgZcqVqAI81FlptDdxEe82lqL TGHLYmjZ7kVLSnD9HaVp+mEL4CgndxgnA/SyVUyE=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from [192.168.178.21] ([85.216.76.5]) by smtp.web.de (mrweb002 [213.165.67.108]) with ESMTPSA (Nemesis) id 0MTgum-1jtVXk2a7k-00QPMf for <cfrg@irtf.org>; Sun, 20 Sep 2020 16:48:32 +0200
To: cfrg@irtf.org
References: <159709115024.10897.5395496576031260366@ietfa.amsl.com> <CACsn0cmX=DWCP5gpmPbzS=UjXfkBP9ObNpmEXPddsZJHbbhC-g@mail.gmail.com> <CAMr0u6k0f52E0i0ds9gR-xJ=M69RCV1vcYZJXi4Ycyc8QtBV3w@mail.gmail.com> <A0F53C47-3D85-4070-8ED4-A86E50899D13@vigilsec.com> <5f6565e7-49cb-32c4-1873-bac014cee965@isode.com> <80792d11-5400-1c79-ac60-d28d2ae803f0@isode.com> <CAMr0u6=Qokwbe6uUPQbBk3ZO4yUzm+UJT6uUPdjaK20tR837cQ@mail.gmail.com> <BN7PR11MB26415022F5F2FB219554DC6DC15F0@BN7PR11MB2641.namprd11.prod.outlook.com> <BN7PR11MB26418931A9921C0C121703D3C1590@BN7PR11MB2641.namprd11.prod.outlook.com> <CACsn0cke00kmWXNyQ1emWoLjkY47Xx+iFaKiXwdR=gJCPcya7Q@mail.gmail.com> <AM0PR05MB4786942F46EC45406959E23183560@AM0PR05MB4786.eurprd05.prod.outlook.com> <CACsn0cnAeZ6yOrU+Z6Gjv5102dE2Ep1eo2-kz2bYmbcSAxyUGw@mail.gmail.com> <CAMr0u6n4sAowO9TiN3NNTZf-udr4P9Jx3aed=qqu0aAwOw1Nyg@mail.gmail.com>
From: Björn Haase <bjoern.m.haase@web.de>
Message-ID: <b044274b-1df4-1637-aeb0-da808518edeb@web.de>
Date: Sun, 20 Sep 2020 16:48:28 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <CAMr0u6n4sAowO9TiN3NNTZf-udr4P9Jx3aed=qqu0aAwOw1Nyg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------C3CA2B8643DF2CD42A308F2A"
X-Provags-ID: V03:K1:VpdtBdnB+v8cpVIQ4qV5uYZXiAz4G3q1tb26mnK67SS+9gRNiM8 3heXblOdKrj5EUGGZEgks3TWdcvkATer21GEudBTjGTkup6SRDRQUCguGTbsr/sh/TvAm38 Bs/z/eFXIg7rVwSQFLNCTgz5qnfLVd4l1+QIPn7mPU5dU5rUDVQ3DAMq3INJFpDvw9pCN8C WS6nbaJd979LSWu1Cfn+A==
X-UI-Out-Filterresults: notjunk:1;V03:K0:Traiwfsrc8M=:Uyu2VUUgZJ+yoqVnwNJd2C oT6eqo5BaRZMpap5I+SvA1mKFMXJKCwx7SRQjv2zT+zxv98GjBmcQPuZ7p1llJ7i+9R1NKG/m eEPrz+Z7gn+ehGig9dQSmBcPexG4UVx8zyc3c+ZOdEM6N2oZ9IwzILmglEYFQtAc1v6LkbL2V 1GEAGk5XrYYoPQSIJtUkwIm16ZkjhrDnKSd5bAwVCE2TYPdmPgJBuvkFTNVb8Jtt+xV6BKT8+ TMziDmyk3BGECNpijQUHaaQDEu94Pxw2siR2Te3sZBCHGwmtNHskbOvCSHexwWYVl0ey5uJk7 5lwCBeZfejnWWHPL9YJ8revu3Z8Gs4kLPePPCNG+qDK7Cm4GVKMGEz3aCmmffAaXOR7i6//Lj YchgKhASQ+tAVOvOldll63u/QHGpnnKP/ZoG69DvsaOtuNPbugR6Lv1WgbQBjOn36cCO2UKUU Jk4LY8DTIIPPrx/cQB/PCQd+c7bdMrI5lRqjfqyBlmtrn10wOpb61av2OHDigWy6P/KjSuv3L pNW6VZbufGefuak7HaBVYFI9GaCI/cmXjTbv0PhZ5Es+mnuzUHRRTGVs0loKNLEsn6O620OAQ Vn/iWhuMLevr/954PBzK9GzavdlTIH8EIcE+hxSHxEbv4bOIO3bTizx18V16nrcSONu3HUH2p QSjkHhcuNJd9I/hqOxnPle0HFfOvjXzY4sk+0x0WromNTewyKwVcWlQyfFOLclMbfp3wUBy6v bQmE9UvWbRdPnTf5b60CmJBuCqoPrUAVaBKmn5PtEAbEMs3B+/qn2+OLXUPmtXjwer7NsN3UT rFghIgebKZoC8fhP659nx7wWOiuGBUAz00fbNX+RWtzTVXIWKC8TuurYbyHAqhYXo+XaSlgMu R2nof9SqlYffAiVcyyMbv0IDTabI1WFYAusas091Cf08U86PlrXh15vZ/oTkAuRbszHzv+1hM vQDNPRt2BRozcxmvan/OmUzSacpioRh0dCemxJwyDUGFDJHoq9M/edFSQ/VyvTvsJogbHZR4q mzxBhuL4zg2uK1KDoEGBn2PHAfkDgPOIxWQ1QeboOG1cKpwsZ5XeoID0r7v8GibdoWULg4vJf bI/dq5j932krZIrNbNOfienZNcYMrzdXLzOZ4MZ9mYnhdj5Wh8iB3BxKx0M6PjgAMRA39lEb6 hRi94zDlI+Xx1R0iWeo8wU6EguF03wnZ2RuA/OeOOd+Ua35KC+/M43XDzgWepfKp1jciEGMP4 4WMnz6srZPD02qDBRSHfQZsrQNcm9Mw3Bk7taAQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/4U6zzCSqFzIekXxZQM8vPv6zSoM>
X-Mailman-Approved-At: Mon, 21 Sep 2020 08:42:57 -0700
Subject: Re: [Cfrg] [Crypto-panel] Fwd: I-D Action: draft-irtf-cfrg-spake2-12.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Sep 2020 14:48:41 -0000

Hello Stanislav,

sorry for the late reply.

 >Scott, Bjoern, are you happy with the changes?

I've only shortly reviewed the change regarding the assumption set and I
think that the reader interrested in all of the intricated details will
anyway have to dig through the papers., I think that the accuracy for
the level of an RFC document to refer just to "GAP-CDH" is fine, in my
opinion, given that the references to the papers are now integrated in
the document.

Yours,

Björn.


Am 12.09.2020 um 12:49 schrieb Stanislav V. Smyshlyaev:
> Scott, Bjoern, are you happy with the changes?
>
> пт, 11 сент. 2020 г. в 20:41, Watson Ladd <watsonbladd@gmail.com
> <mailto:watsonbladd@gmail.com>>:
>
>     I have just uploaded version -13 which contains suggested text from
>
>     Michel by way of Bjorn.
>
>
>
>     Given we have per-user M and N as an option I decided not to add
>
>     per-protocol, but if Scott thinks it's a good idea I'm happy to add
>
>     it: not sure it will be used.
>
>
>
>     On Mon, Aug 24, 2020 at 9:03 AM Björn Haase
>     <bjoern.haase@endress.com <mailto:bjoern.haase@endress.com>> wrote:
>
>     >
>
>     > Dear Watson,
>
>     >
>
>     > If I understood correctly Manuel and Michel's proof, the
>     reduction to the GAP version of CDH problem refers only to the
>     "perfect-forward security" aspect of the SPAKE2 proofs.
>
>     >
>
>     > To my best knowledge, the game-based proof regarding the "only
>     one password guess per session" feature does rely on "Discrete
>     Logarithm Password-based Chosen-basis Computational Diffie-Hellman
>     assumption" (DLPWBCDH) (i.e. without the "GAP").
>
>     >
>
>     > IIRC there is some small margin between the CDH and DLPWBCDH but
>     there is no need for the GAP assumption when carrying out the
>     proof in the game-based models, except for the forward-security
>     aspect which to my knowledge requires the DDH oracle.
>
>     >
>
>     > For the UC proofs, OTOTH the GAP assumption appears to be
>     mandatory, IIUC, since this proof strategy also implies forward
>     security.
>
>     >
>
>     > I'm in close contact with Michel for the CPace draft preparation
>     and I'll ask him what specific wording he would be recommending
>     for your document, the next time I'll be talking to him.
>
>     >
>
>     > Yours,
>
>     >
>
>     > Björn.
>
>     >
>
>     >
>
>     >
>
>     > Mit freundlichen Grüßen I Best Regards
>
>     >
>
>     > Dr. Björn Haase
>
>     >
>
>     >
>
>     > Senior Expert Electronics | TGREH Electronics Hardware
>
>     >
>
>     > Endress+Hauser Liquid Analysis
>
>     >
>
>     > Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839
>     Gerlingen | Germany
>
>     > Phone: +49 7156 209 377 | Fax: +49 7156 209 221
>
>     > bjoern.haase@endress.com <mailto:bjoern.haase@endress.com> |
>     www.ehla.endress.com <http://www.ehla.endress.com>
>
>     >
>
>     >
>
>     >
>
>     >
>
>     >
>
>     > Endress+Hauser Conducta GmbH+Co.KG
>
>     > Amtsgericht Stuttgart HRA 201908
>
>     > Sitz der Gesellschaft: Gerlingen
>
>     > Persönlich haftende Gesellschafterin:
>
>     > Endress+Hauser Conducta Verwaltungsgesellschaft mbH
>
>     > Sitz der Gesellschaft: Gerlingen
>
>     > Amtsgericht Stuttgart HRA 201929
>
>     > Geschäftsführer: Dr. Manfred Jagiella
>
>     >
>
>     >
>
>     > Gemäss Datenschutzgrundverordnung sind wir verpflichtet, Sie zu
>     informieren, wenn wir personenbezogene Daten von Ihnen erheben.
>
>     > Dieser Informationspflicht kommen wir mit folgendem
>     Datenschutzhinweis
>     (https://www.endress.com/de/cookies-endress+hauser-website) nach.
>
>     >
>
>     >
>
>     >
>
>     >
>
>     >
>
>     > Disclaimer:
>
>     >
>
>     > The information transmitted is intended only for the person or
>     entity to which it is addressed and may contain confidential,
>     proprietary, and/or privileged material. Any review,
>     retransmission, dissemination or other use of, or taking of any
>     action in reliance upon, this information by persons or entities
>     other than the intended recipient is prohibited. If you receive
>     this in error, please contact the sender and delete the material
>     from any computer. This e-mail does not constitute a contract
>     offer, a contract amendment, or an acceptance of a contract offer
>     unless explicitly and conspicuously designated or stated as such.
>
>     >
>
>     >
>
>     >
>
>     > -----Ursprüngliche Nachricht-----
>
>     > Von: Cfrg <cfrg-bounces@irtf.org <mailto:cfrg-bounces@irtf.org>>
>     Im Auftrag von Watson Ladd
>
>     > Gesendet: Montag, 24. August 2020 14:42
>
>     > An: Scott Fluhrer (sfluhrer)
>     <sfluhrer=40cisco.com@dmarc.ietf.org
>     <mailto:40cisco.com@dmarc.ietf.org>>
>
>     > Cc: crypto-panel@irtf.org <mailto:crypto-panel@irtf.org>;
>     <cfrg@ietf.org <mailto:cfrg@ietf.org>> <cfrg@ietf.org
>     <mailto:cfrg@ietf.org>>; Russ Housley <housley@vigilsec.com
>     <mailto:housley@vigilsec.com>>; cfrg-chairs@ietf.org
>     <mailto:cfrg-chairs@ietf.org>
>
>     > Betreff: Re: [Cfrg] [Crypto-panel] Fwd: I-D Action:
>     draft-irtf-cfrg-spake2-12.txt
>
>     >
>
>     > On Sun, Aug 23, 2020 at 3:20 PM Scott Fluhrer (sfluhrer)
>
>     > <sfluhrer=40cisco.com@dmarc.ietf.org
>     <mailto:40cisco.com@dmarc.ietf.org>> wrote:
>
>     > >
>
>     > > I looked through it (the Crypto20 crypto conference was last
>     week, that kept me busy); it looked good, with two nits:
>
>     >
>
>     > Thank you very much for reviewing it so quickly!
>
>     >
>
>     > >
>
>     > >
>
>     > >
>
>     > > Section 3.1 states “Lets G be a group in which the
>     computational Diffie-Hellman (CDH) problem is hard”. Actually, if
>     you go through the security proof, it appears that the slightly
>     stronger “S-PCCDH assumption” is required.  While it is plausible
>     that, for any group where the CDH assumption holds, so does the
>     S-PCCDH assumption, however, this is not proven.
>
>     >
>
>     > So recently
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Feprint.iacr.org%2F2019%2F1194.pdf&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691624309&amp;sdata=TwffvrezUzSnJeaPaahlF08H744LL1mxocrTksHdvo0%3D&amp;reserved=0
>     reduces to Gap
>
>     > Diffie-Hellman. I think I should revise that sentence of 3.1 and
>
>     > discuss in security considerations section exactly what is
>     assumed and
>
>     > that elliptic curves in the draft are widely conjectured to satisfy
>
>     > it. Hopefully this won't confuse anyone more than necessary.
>
>     >
>
>     > > This draft still relies on a fixed (per group) M and N values;
>     as we have argued before, having a global N and M value menas that
>     breaking one discrete problem would mean breaking the entire
>     system globally, and so that arguably too attractive as a target. 
>     Assuming that the authors aren’t willing to use a Hash2Curve
>     method to generate N, M values, I would recommend that a paragraph
>     be added to the document outlining the situation (and perferably
>     giving a procedure where individual protocols can select their own
>     N, M values)
>
>     >
>
>     > Section 5:
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fid%2Fdraft-irtf-cfrg-spake2-11.html%23rfc.section.5&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691624309&amp;sdata=TSxHJGOCsecYGoYp4OwBajfg%2FXt%2F9aLbokD%2F7iKprK0%3D&amp;reserved=0
>
>     > has M and N per user, following one of the papers in the references.
>
>     > I think a per-protocol option makes sense to add, but it would
>     be nice
>
>     > to know if it would be used.
>
>     >
>
>     >
>
>     > >
>
>     > >
>
>     > >
>
>     > > From: Scott Fluhrer (sfluhrer)
>
>     > > Sent: Monday, August 17, 2020 7:50 AM
>
>     > > To: Stanislav V. Smyshlyaev <smyshsv@gmail.com
>     <mailto:smyshsv@gmail.com>>; Russ Housley <housley@vigilsec.com
>     <mailto:housley@vigilsec.com>>; crypto-panel@irtf.org
>     <mailto:crypto-panel@irtf.org>
>
>     > > Cc: Alexey Melnikov <alexey.melnikov@isode.com
>     <mailto:alexey.melnikov@isode.com>>; cfrg-chairs@ietf.org
>     <mailto:cfrg-chairs@ietf.org>
>
>     > > Subject: RE: [Crypto-panel] Fwd: [Cfrg] I-D Action:
>     draft-irtf-cfrg-spake2-12.txt
>
>     > >
>
>     > >
>
>     > >
>
>     > > I’ll take a quick look at it.
>
>     > >
>
>     > >
>
>     > >
>
>     > > From: Crypto-panel <crypto-panel-bounces@irtf.org
>     <mailto:crypto-panel-bounces@irtf.org>> On Behalf Of Stanislav V.
>     Smyshlyaev
>
>     > > Sent: Monday, August 17, 2020 4:40 AM
>
>     > > To: Russ Housley <housley@vigilsec.com
>     <mailto:housley@vigilsec.com>>; crypto-panel@irtf.org
>     <mailto:crypto-panel@irtf.org>
>
>     > > Cc: Alexey Melnikov <alexey.melnikov@isode.com
>     <mailto:alexey.melnikov@isode.com>>; cfrg-chairs@ietf.org
>     <mailto:cfrg-chairs@ietf.org>
>
>     > > Subject: Re: [Crypto-panel] Fwd: [Cfrg] I-D Action:
>     draft-irtf-cfrg-spake2-12.txt
>
>     > >
>
>     > >
>
>     > >
>
>     > > Dear Russ, dear Crypto Panel experts,
>
>     > >
>
>     > >
>
>     > >
>
>     > > Any volunteers for a quick review of the updated version of
>     the SPAKE2 draft (before commencing a RGLC)?
>
>     > >
>
>     > >
>
>     > >
>
>     > > Regards,
>
>     > >
>
>     > > Stanislav
>
>     > >
>
>     > >
>
>     > >
>
>     > > On Tue, 11 Aug 2020 at 20:02, Alexey Melnikov
>     <alexey.melnikov@isode.com <mailto:alexey.melnikov@isode.com>> wrote:
>
>     > >
>
>     > > On 11/08/2020 17:47, Alexey Melnikov wrote:
>
>     > >
>
>     > > Hi Russ,
>
>     > >
>
>     > > On 11/08/2020 17:43, Russ Housley wrote:
>
>     > >
>
>     > > > We recommend the following two protocols to be selected as
>     «recommended by the CFRG for usage in IETF protocols»: one
>     balanced PAKE - CPace, and one augmented PAKE - OPAQUE.
>
>     > >
>
>     > >
>
>     > >
>
>     > > What was the point of the selection process if we are going to
>     publish the ones that were not selected too?
>
>     > >
>
>     > > It is needed by Kitten WG for one of Kerberos documents. The
>     idea is to publish it with a disclaimer that it predated PAKE
>     selection process and was not selected as one of the finalists.
>
>     > >
>
>     > > To clarify: we don't intend to publish any other PAKE
>     candidates that weren't finalists.
>
>     > >
>
>     > > Best Regards,
>
>     > >
>
>     > > Alexey
>
>     > >
>
>     > >
>
>     > >
>
>     > > Russ
>
>     > >
>
>     > >
>
>     > >
>
>     > >
>
>     > >
>
>     > >
>
>     > >
>
>     > > On Aug 11, 2020, at 10:57 AM, Stanislav V. Smyshlyaev
>     <smyshsv@gmail.com <mailto:smyshsv@gmail.com>> wrote:
>
>     > >
>
>     > >
>
>     > >
>
>     > > Dear Crypto Panel experts,
>
>     > >
>
>     > >
>
>     > >
>
>     > > Could someone please take a quick look at the updated version
>     (taking into account the reviews made during the PAKE selection
>     process)?
>
>     > >
>
>     > >
>
>     > >
>
>     > > Regards,
>
>     > >
>
>     > > Stanislav (on behalf of CFRG chairs)
>
>     > >
>
>     > >
>
>     > >
>
>     > > ---------- Пересылаемое сообщение ---------
>
>     > > От: Watson Ladd <watsonbladd@gmail.com
>     <mailto:watsonbladd@gmail.com>>
>
>     > > Дата: пн, 10 авг. 2020 г. в 23:29
>
>     > > Тема: Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-12.txt
>
>     > > Кому: <cfrg@ietf.org <mailto:cfrg@ietf.org>>
>
>     > >
>
>     > >
>
>     > >
>
>     > > This fixes the comment on missing identities received during
>     the PAKE
>
>     > > competition which was the only one I found.
>
>     > >
>
>     > > I think it's ready for RGLC.
>
>     > >
>
>     > > On Mon, Aug 10, 2020 at 4:27 PM <internet-drafts@ietf.org
>     <mailto:internet-drafts@ietf.org>> wrote:
>
>     > > >
>
>     > > >
>
>     > > > A New Internet-Draft is available from the on-line
>     Internet-Drafts directories.
>
>     > > > This draft is a work item of the Crypto Forum RG of the IRTF.
>
>     > > >
>
>     > > >         Title           : SPAKE2, a PAKE
>
>     > > >         Authors         : Watson Ladd
>
>     > > >                           Benjamin Kaduk
>
>     > > >         Filename        : draft-irtf-cfrg-spake2-12.txt
>
>     > > >         Pages           : 16
>
>     > > >         Date            : 2020-08-10
>
>     > > >
>
>     > > > Abstract:
>
>     > > >    This document describes SPAKE2 which is a protocol for
>     two parties
>
>     > > >    that share a password to derive a strong shared key with
>     no risk of
>
>     > > >    disclosing the password.  This method is compatible with
>     any group,
>
>     > > >    is computationally efficient, and SPAKE2 has a security
>     proof.  This
>
>     > > >    document predated the CFRG PAKE competition and it was
>     not selected.
>
>     > > >
>
>     > > >
>
>     > > > The IETF datatracker status page for this draft is:
>
>     > > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-irtf-cfrg-spake2%2F&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691624309&amp;sdata=lfQZ%2Bk58AZtuJDwwoL3kp9h%2B1t6eVh%2BO4IhcPF%2BJA9k%3D&amp;reserved=0
>
>     > > >
>
>     > > > There are also htmlized versions available at:
>
>     > > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-irtf-cfrg-spake2-12&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691624309&amp;sdata=M%2B1R6InBuduuxEehA%2Fmz99McvXt8KnILIj9S2bRBifs%3D&amp;reserved=0
>
>     > > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-irtf-cfrg-spake2-12&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691624309&amp;sdata=9IrixLVgOePrXOr4FXNIgwa8x9Jgpldlq5tr55o%2FGgI%3D&amp;reserved=0
>
>     > > >
>
>     > > > A diff from the previous version is available at:
>
>     > > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-irtf-cfrg-spake2-12&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691624309&amp;sdata=TI3p%2F1EM4Un4No8%2BEY6KsExVBQyMXIlg6OzWoZFi8%2FU%3D&amp;reserved=0
>
>     > > >
>
>     > > >
>
>     > > > Please note that it may take a couple of minutes from the
>     time of submission
>
>     > > > until the htmlized version and diff are available at
>     tools.ietf.org <http://tools.ietf.org>.
>
>     > > >
>
>     > > > Internet-Drafts are also available by anonymous FTP at:
>
>     > > >
>     https://eur03.safelinks.protection.outlook.com/?url=ftp%3A%2F%2Fftp.ietf.org%2Finternet-drafts%2F&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691624309&amp;sdata=JLdVl7lCQLtmHJiKclYtzm81ubwwTgRe29PJMfhIPtY%3D&amp;reserved=0
>
>     > > >
>
>     > > >
>
>     > > > _______________________________________________
>
>     > > > Cfrg mailing list
>
>     > > > Cfrg@irtf.org <mailto:Cfrg@irtf.org>
>
>     > > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fcfrg&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691634306&amp;sdata=oteAqHxVYJtxizv9OX5GP3qfiAuWTpgeZXxZPIlj3z8%3D&amp;reserved=0
>
>     > >
>
>     > >
>
>     > >
>
>     > > --
>
>     > > "Man is born free, but everywhere he is in chains".
>
>     > > --Rousseau.
>
>     > >
>
>     > > _______________________________________________
>
>     > > Cfrg mailing list
>
>     > > Cfrg@irtf.org <mailto:Cfrg@irtf.org>
>
>     > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fcfrg&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691634306&amp;sdata=oteAqHxVYJtxizv9OX5GP3qfiAuWTpgeZXxZPIlj3z8%3D&amp;reserved=0
>
>     > >
>
>     > > _______________________________________________
>
>     > > Crypto-panel mailing list
>
>     > > Crypto-panel@irtf.org <mailto:Crypto-panel@irtf.org>
>
>     > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fcrypto-panel&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691634306&amp;sdata=w0Bf%2F8e3bInXUJ8FckOi5dK%2FRPdY879EkrXP02iaSR4%3D&amp;reserved=0
>
>     > >
>
>     > >
>
>     > >
>
>     > > _______________________________________________
>
>     > > Cfrg mailing list
>
>     > > Cfrg@irtf.org <mailto:Cfrg@irtf.org>
>
>     > >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fcfrg&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691634306&amp;sdata=oteAqHxVYJtxizv9OX5GP3qfiAuWTpgeZXxZPIlj3z8%3D&amp;reserved=0
>
>     >
>
>     >
>
>     >
>
>     > --
>
>     > "Man is born free, but everywhere he is in chains".
>
>     > --Rousseau.
>
>     >
>
>     > _______________________________________________
>
>     > Cfrg mailing list
>
>     > Cfrg@irtf.org <mailto:Cfrg@irtf.org>
>
>     >
>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fcfrg&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C8359743fd98a4c38077608d8482b33bd%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C1%7C637338697691634306&amp;sdata=oteAqHxVYJtxizv9OX5GP3qfiAuWTpgeZXxZPIlj3z8%3D&amp;reserved=0
>
>
>
>
>
>
>
>     --
>
>     "Man is born free, but everywhere he is in chains".
>
>     --Rousseau.
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg