Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-04.txt
Greg Hudson <ghudson@mit.edu> Fri, 20 October 2017 17:10 UTC
Return-Path: <ghudson@mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D0B61342E8 for <cfrg@ietfa.amsl.com>; Fri, 20 Oct 2017 10:10:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.219
X-Spam-Level:
X-Spam-Status: No, score=-4.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YvY71_H2MBL9 for <cfrg@ietfa.amsl.com>; Fri, 20 Oct 2017 10:10:17 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D18541342E3 for <cfrg@ietf.org>; Fri, 20 Oct 2017 10:10:16 -0700 (PDT)
X-AuditID: 1209190e-05fff70000001112-db-59ea2df7282d
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id D4.59.04370.7FD2AE95; Fri, 20 Oct 2017 13:10:15 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id v9KHAEc3017708; Fri, 20 Oct 2017 13:10:15 -0400
Received: from [18.101.8.86] (VPN-18-101-8-86.MIT.EDU [18.101.8.86]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v9KHACKD013867 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 20 Oct 2017 13:10:13 -0400
To: Benjamin Kaduk <kaduk@mit.edu>, cfrg@ietf.org
References: <150821883254.21531.1671624165808113326@ietfa.amsl.com> <20171017111804.GP96685@kduck.kaduk.org>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <db2d5df8-a79a-c157-29dc-060f6cbdc9d1@mit.edu>
Date: Fri, 20 Oct 2017 13:10:12 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20171017111804.GP96685@kduck.kaduk.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrKIsWRmVeSWpSXmKPExsUixCmqrPtd91WkQUe7kcXRXW0sDoweS5b8 ZApgjOKySUnNySxLLdK3S+DKOPQ7oOCRUMXsrnXMDYzf+boYOTkkBEwkuldeZ+li5OIQEljM JNH8sZEZwtnIKHF4cRNU5hCTxMGPkxhBWoQFbCXe7XzADGKLCBhKXPrdygZiCwnkScyf9Qws ziagLLF+/1agZg4OXgEriY3T3EHCLAKqEj/WXwErERWIkHjYuYsdxOYVEJQ4OfMJC4jNKWAq ceD2FLAaZgE9iR3Xf7FC2PIS29/OYZ7AyD8LScssJGWzkJQtYGRexSibklulm5uYmVOcmqxb nJyYl5dapGusl5tZopeaUrqJERx6knw7GCc1eB9iFOBgVOLhrRB7FSnEmlhWXJl7iFGSg0lJ lDew8mWkEF9SfkplRmJxRnxRaU5q8SFGCQ5mJRHeHWpA5bwpiZVVqUX5MClpDhYlcd5tQbsi hQTSE0tSs1NTC1KLYLIyHBxKEryPdIAaBYtS01Mr0jJzShDSTBycIMN5gIbPAqnhLS5IzC3O TIfIn2JUlBLnfQ2SEABJZJTmwfWCU0MqR9grRnGgV4R5GYGJQogHmFbgul8BDWYCGsxu/wJk cEkiQkqqgXHJ9/lPOO/fP8pV1/BiT9eiZ8/dKg6IvnG0MZfZcHf2Sds8iQNVDBPeZQq5Xy8y /dsX/XP19CvnT36Z0JRyZU7BKs81UnmuL2+Euxp/Si8vey8WslH73YTpwubK/Ut2rP1ttrd3 yf3Tx06JR5b4aj9apbu+0+DtTpHEfWZXV+hZ/3E+NMHf8MEZJZbijERDLeai4kQAlrrgEegC AAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/90R45c_emXNFhG5Q8WgQBnA5v3g>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-04.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2017 17:10:18 -0000
On 10/17/2017 07:18 AM, Benjamin Kaduk wrote: > This version is intended to have minimal changes from the -03, and was > intended to un-expire the draft and add me as editor to effect that change. > I want this draft to advance so that it can be used as a reference by > draft-ietf-kitten-krb-spake-preauth. > > There is some reformatting due to having to rewrite the source into XML, > and I took advantage of that opportunity to un-wrap the python snippet. Thanks. I found my old feedback on this draft in https://www.ietf.org/mail-archive/web/cfrg/current/msg07928.html and this update resolves one of those issues (the misformatted Python code). I do not know how to resolve the problem that SPAKE2+ doesn't use w0 or w1 in the transcript hash, and therefore more closely resembles SPAKE1 than SPAKE2. I suggest the following edits for the other issues: * In section 2.2, remove the spaces around the || operators starting after K. * In section 2.3, replaces "here Bob" with "here B". * In the Python code, replace "ec.canon_pointstr" with "canon_pointstr". * Replace the introductory text of section 3 with: Every curve presented in the table below has an OID from [RFC5480]. We construct a string using the OID and the needed constant, for instance "1.3.132.0.35 point generation seed (M)" for P-512. This string is turned into a series of blocks by hashing with SHA256, and hashing that output again to generate the next 32 bytes, and so on. This pattern is repeated for each group and value, with the string modified appropriately. A byte string of length equal to that of an encoded group element is constructed by concatenating as many blocks as are required, starting from the first block, and truncating to the desired length. The byte string is then formatted as required for the group. In the case of Weierstrass curves, this means setting the first byte to 0x02 or 0x03 depending on the low-order bit. For Ed25519 style formats this means taking all the bytes as the representation of the group element. The byte string is then interpreted as an element in the group. If this interpretation yields a valid group element with the correct order (p), the byte string is the output. Otherwise, the initial hash block is discarded and the process is repeated until a valid element is found.
- [Cfrg] I-D Action: draft-irtf-cfrg-spake2-04.txt internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-04.… Benjamin Kaduk
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-04.… Greg Hudson
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-04.… Benjamin Kaduk
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-04.… Watson Ladd