Re: [Cfrg] Wi-Fi Alliance Device Provisioning Protocol (DPP) - Draft Released for Public Review and Comments

Andy Lutomirski <luto@amacapital.net> Tue, 30 August 2016 23:37 UTC

In-Reply-To: <b6b2e03faf504238b8681284fc72a1dd@SC-EXCH03.marvell.com>
References: <b6b2e03faf504238b8681284fc72a1dd@SC-EXCH03.marvell.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Tue, 30 Aug 2016 16:37:13 -0700
Message-ID: <CALCETrVmSHv9=aNZYudU012UhuSNSJJaZX2CFa++o4nYA=WtPg@mail.gmail.com>
To: Paul Lambert <paul@marvell.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/A_5_Kd6EImpTQYHN8-qBpMuF4eE>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "t2trg@irtf.org" <t2trg@irtf.org>, "lear@cisco.com" <lear@cisco.com>
Subject: Re: [Cfrg] Wi-Fi Alliance Device Provisioning Protocol (DPP) - Draft Released for Public Review and Comments

On Fri, Jul 29, 2016 at 6:27 PM, Paul Lambert <paul@marvell.com> wrote:
> The Wi-Fi Alliance (WFA) has posted a draft version of a new ‘setup
> protocol’:
>
>
> https://www.wi-fi.org/downloads-registered-guest/Wi-Fi_DPP_Tech_Spec_v0_0_23.pdf
>
>
>
> The WFA is looking for review and comments on this specification.
>

A few comments on a cursory reading:

Section 3.2 specifies a particular point format.  Is this actually
compatible with Curve25519, etc?  Wouldn't it be more sensible to use
the point format recommended by each individual curve?

Section 5.5: Is the PKEX protocol publicly documented anywhere?  I'm
concerned that the crypto here is highly suboptimal.  For example, the
text mentions that:

> Using this bootstrapping technique more than once with a different code but the same bootstrapping key can enable a dictionary attack (to recover the code) by the entity that obtained the bootstrapping key the first time.

A well designed short authentication string system (e.g. ZRTP's)
should have no such issues.
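The ZRTP-style short authentication string (SAS) design the message points to, as an added illustration that is not part of the email, the DPP draft, or PKEX: the initiator first sends only a hash commitment to its Diffie-Hellman public value, the responder replies with its own value, and the initiator then reveals the committed value. Because the SAS is derived from the full transcript of a single session and is only ever compared out of band, there is no reusable secret code that a counterpart could later guess offline, which is the property the quoted PKEX caveat lacks. The Diffie-Hellman group below (a 61-bit Mersenne prime, generator 3) and the function names are constructed for the demo and are not secure parameters.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, constructed for demonstration only; NOT secure.
P = (1 << 61) - 1      # 2^61 - 1, a Mersenne prime
G = 3

# RFC 4648 base32 alphabet; ZRTP's "B32" SAS type renders 20 bits as 4 such characters.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def _enc(n: int) -> bytes:
    """Fixed-width encoding so hash inputs are unambiguous (P < 2^64)."""
    return n.to_bytes(8, "big")


def dh_keypair():
    """Return (private exponent, public value) in the toy group."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def commit(pub: int) -> bytes:
    """Hash commitment to the initiator's public value (ZRTP's hvi idea).
    The responder must pick its own value before learning `pub`, so it
    cannot search for a value that steers the SAS."""
    return hashlib.sha256(b"COMMIT|" + _enc(pub)).digest()


def sas_from_transcript(pub_a: int, pub_b: int, shared: int) -> str:
    """Derive a 20-bit SAS from the whole transcript of this session.
    A fresh session yields a fresh SAS; nothing here is a long-lived code."""
    h = hashlib.sha256(b"SAS|" + _enc(pub_a) + _enc(pub_b) + _enc(shared)).digest()
    bits = int.from_bytes(h[:3], "big") >> 4           # top 20 bits
    return "".join(ALPHABET[(bits >> (15 - 5 * i)) & 31] for i in range(4))


def run_session(mismatched_reveal: bool = False) -> dict:
    """Run one commit / respond / reveal exchange between Alice and Bob.
    With mismatched_reveal=True Alice reveals a value that does not match
    her commitment, and Bob must reject the session."""
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()

    # Message 1, Alice -> Bob: commitment only; pub_a stays hidden.
    c = commit(pub_a)
    # Message 2, Bob -> Alice: Bob's public value, chosen blind to pub_a.
    # Message 3, Alice -> Bob: Alice opens the commitment.
    revealed = dh_keypair()[1] if mismatched_reveal else pub_a

    # Bob checks the opening against the commitment before using it.
    commit_ok = secrets.compare_digest(commit(revealed), c)
    if not commit_ok:
        return {"commit_ok": False, "sas_a": None, "sas_b": None}

    shared_a = pow(pub_b, a, P)
    shared_b = pow(revealed, b, P)
    return {
        "commit_ok": True,
        "sas_a": sas_from_transcript(pub_a, pub_b, shared_a),
        "sas_b": sas_from_transcript(revealed, pub_b, shared_b),
    }


if __name__ == "__main__":
    s = run_session()
    print("commitment verified:", s["commit_ok"])
    print("Alice's SAS:", s["sas_a"], " Bob's SAS:", s["sas_b"])
    print("mismatched reveal accepted:", run_session(mismatched_reveal=True)["commit_ok"])
```

The two parties read their four-character strings to each other over the out-of-band channel and abort on mismatch; the 20-bit SAS is short because it must be compared by a human, which is exactly why the commitment step matters and why a fixed, reusable code has no place in the design.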