Re: [Cfrg] Another PAKE question

"Dan Harkins" <> Thu, 09 January 2014 07:25 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2BCAB1AE08C for <>; Wed, 8 Jan 2014 23:25:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XmYuemYHaXdd for <>; Wed, 8 Jan 2014 23:25:24 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 61C871A1F61 for <>; Wed, 8 Jan 2014 23:25:24 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id E5782A888012; Wed, 8 Jan 2014 23:25:09 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Wed, 8 Jan 2014 23:25:10 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <>
Date: Wed, 8 Jan 2014 23:25:10 -0800 (PST)
From: "Dan Harkins" <>
To: "Yoav Nir" <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: "" <>
Subject: Re: [Cfrg] Another PAKE question
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 09 Jan 2014 07:25:28 -0000

  Hi Yoav,

On Wed, January 8, 2014 10:09 pm, Yoav Nir wrote:
> Hi
> I almost feel like I'm asking for trouble after the roast that Dan went
> through, but some on this list might want to consider another PAKE going
> through an IETF working group.

  While I think you are definitely asking for trouble, it's good that you do.
Trying to fly under the radar would not be a good thing.

> HTTP-Auth is making experimental authentication mechanisms for the HTTP
> layer. One of those is a PAKE. If people here on the CFRG list would like
> to comment on it, that would be great. We can have some discussion here,
> but ultimately, comments criticisms and suggestions should go to the
> HTTP-auth list (details below).
> The draft in question is called "Mutual Authentication Protocol for HTTP".
> Link:

  It doesn't look like that draft specifies a PAKE. It seems to specify the
exchange of data that can be used by a PAKE, but not necessarily. Section
11 states:

    Cryptographic authentication algorithms which are used with this
    protocol will be defined separately¬Ö.

    All algorithm used with this protocol SHOULD provide secure mutual
    authentication between client and servers, and generate a
    cryptographically strong shared secret value z, equivalently strong
    to or stronger than the hash function H. If any passwords (or pass-
    phrases or any equivalents, i.e. weak secrets) are involved, these
    SHOULD NOT be guessable from any data transmitted in the protocol,
    even if an attacker (either an eavesdropper or an active server)
    knows the possible thoroughly-searchable candidate list of the

That SHOULD and SHOULD NOT mean that it could actually use an
authentication algorithm that doesn't provide mutual authentication
and that is susceptible to an off-line dictionary attack. You might
want to make those a MUST and MUST NOT.

  So where is the separately defined protocol that this draft uses?

  Also, figure 5 seems almost like a joke. Is this protocol _really_
that complicated? A security protocol that complicated seems like
a recipe for disaster.



> Yoav
> co-chair of HTTP-Auth
> Mailing list details:
>  * http-auth List Information:
>  * http-auth List Archives:
>  * http-auth Posting Address (requires registration):
> _______________________________________________
> Cfrg mailing list