Re: [Cfrg] Suggestion for open competition on PAKE -> Was Re: Dragonfly has advantages

David McGrew <mcgrew@cisco.com> Sat, 04 January 2014 16:42 UTC

Return-Path: <mcgrew@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 964B71ADED6 for <cfrg@ietfa.amsl.com>; Sat, 4 Jan 2014 08:42:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.039
X-Spam-Level:
X-Spam-Status: No, score=-15.039 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SSGgMfVBN316 for <cfrg@ietfa.amsl.com>; Sat, 4 Jan 2014 08:42:09 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id 242851ADFE3 for <cfrg@irtf.org>; Sat, 4 Jan 2014 08:42:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1450; q=dns/txt; s=iport; t=1388853721; x=1390063321; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=jRjIh8Jkm3uhWb3IIjdCYJ2xeYCZN065WtbxGvrM4No=; b=TDTiDDxv8scu9qx7MhtUg76jWnDOPM8WTrAYAjs4ROJuOrLHDPRaXyRf 5proAw5SBMCuSBH5J9FtfdfBvFqyqGT5V7W4VXzxay9TWbA0GdYVzaN1K UthDLiVI1NhHvwUMWGvyXNMmtR7lGJ7JeRTqz2kFAsuIo+J3JuvutN5Qj M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag0FAGw5yFKtJV2c/2dsb2JhbABYDoJ9hAuzI4MHgQsWdIIlAQEBBCMEES0TARALGAICBQ8HCwICCQMCAQIBRQYNAQcCiACpbZlXF4EpjWYHGIJXgUgBA4lDjlSGRYtQgW9/XR4
X-IronPort-AV: E=Sophos;i="4.95,603,1384300800"; d="scan'208";a="295217504"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-2.cisco.com with ESMTP; 04 Jan 2014 16:42:01 +0000
Received: from [10.0.2.15] (rtp-mcgrew-8913.cisco.com [10.117.10.228]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id s04Gg0Se006773; Sat, 4 Jan 2014 16:42:00 GMT
Message-ID: <52C839D8.6010504@cisco.com>
Date: Sat, 04 Jan 2014 11:42:00 -0500
From: David McGrew <mcgrew@cisco.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: Feng Hao <feng.hao@newcastle.ac.uk>
References: <CEEDD67B.22CC7%feng.hao@newcastle.ac.uk>
In-Reply-To: <CEEDD67B.22CC7%feng.hao@newcastle.ac.uk>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Trevor Perrin <trevp@trevp.net>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Suggestion for open competition on PAKE -> Was Re: Dragonfly has advantages
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jan 2014 16:42:11 -0000

Hi Feng,

thanks for your suggestion and comments.   A quick response to your 
suggestion:

On 01/04/2014 10:23 AM, Feng Hao wrote:
>
> It will be very helpful to have an open competition among the contemporary
> PAKEs to choose those that are secure, efficient and patent/loyal-free.
> That should include both balanced and augmented PAKEs to suit for
> different application requirements.
>
> It will be timely and nice if IETF/CFRG can help coordinate such.
>

It would be a good idea for the RG to author an RFC describing the 
requirements of PAKE protocols and surveying the existing protocols.   
The RFC could also record the consensus of the RG, if there is one, and 
describe the diversity of opinion otherwise. This is not quite the same 
as a competition, but it would fit easily into the IRTF process.   I 
would expect that there would be multiple authors, probably including 
multiple PAKE protocol authors.   We should also line up some reviewers 
as well.  What do you think?

As a side note, I personally would also like to see 
guidance/documentation on how PAKEs can best be used, and I agree with 
your comment about bootstrapping authentication.  Replacing a raw 
username/password exchange inside of TLS with a PAKE would be good, and 
using a PAKE for password-based certificate enrollment would be good.   
Replacing certificate based authentication with a PAKE would be not so 
good.

David