IETF Logo Mail Archive

Re: [Cfrg] OPAQUE

Dan Harkins <dharkins@lounge.org> Wed, 27 March 2019 23:05 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 942D41203E1 for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 16:05:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Q8ni5reQcmU for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 16:05:36 -0700 (PDT)
Received: from www.goatley.com (www.goatley.com [198.137.202.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDE8C12006B for <cfrg@irtf.org>; Wed, 27 Mar 2019 16:05:35 -0700 (PDT)
Received: from trixy.bergandi.net (cpe-76-93-146-89.san.res.rr.com [76.93.146.89]) by wwwlocal.goatley.com (PMDF V6.8-0 #1001) with ESMTP id <0PP1000BPS5AZM@wwwlocal.goatley.com> for cfrg@irtf.org; Wed, 27 Mar 2019 18:05:34 -0500 (CDT)
Received: from dhcp-99c2.meeting.ietf.org ([31.133.153.194]) by trixy.bergandi.net (PMDF V6.7-x01 #1001) with ESMTPSA id <0PP100H0NS44FF@trixy.bergandi.net> for cfrg@irtf.org; Wed, 27 Mar 2019 16:04:54 -0700 (PDT)
Received: from dhcp-99c2.meeting.ietf.org ([31.133.153.194] EXTERNAL) (EHLO dhcp-99c2.meeting.ietf.org) with TLS/SSL by trixy.bergandi.net ([10.0.42.18]) (PreciseMail V3.3); Wed, 27 Mar 2019 16:04:54 -0700
Date: Wed, 27 Mar 2019 16:05:31 -0700
From: Dan Harkins <dharkins@lounge.org>
In-reply-to: <00d301d4e4ba$82febe90$88fc3bb0$@gmail.com>
To: Valery Smyslov <smyslov.ietf@gmail.com>, cfrg@irtf.org
Message-id: <fc33f055-0e07-f433-147d-3850fbd42ee7@lounge.org>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_rTjisaYTgFFoXh/bAceqmw)"
Content-language: en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
X-PMAS-SPF: SPF check skipped for authenticated session (recv=trixy.bergandi.net, send-ip=31.133.153.194)
X-PMAS-External-Auth: dhcp-99c2.meeting.ietf.org [31.133.153.194] (EHLO dhcp-99c2.meeting.ietf.org)
References: <CACsn0ck_VbSNCDvYQXzuhMLqgO5R_cwPzMaMmQrENdv4D2=UAg@mail.gmail.com> <b0ac5609-6050-9def-fc8e-e23fd5c3177f@lounge.org> <00d301d4e4ba$82febe90$88fc3bb0$@gmail.com>
X-PMAS-Software: PreciseMail V3.3 [190327] (trixy.bergandi.net)
X-PMAS-Allowed: system rule (rule allow header:X-PMAS-External noexists)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/F8qvCipSOzRK5P06ne8U3H_QeGA>
Subject: Re: [Cfrg] OPAQUE
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 23:05:41 -0000

Hi Valery,

On 3/27/19 9:31 AM, Valery Smyslov wrote:
>
> Hi Dan,
>
> it depends. Don't forget about EAP-based authentication in IKEv2,
>
> that is clearly client-server oriented.
>

   That is true but in that case it would be EAP-OPAQUE which
is EAP not IPsec.

   regards,

   Dan.

> Regards,
>
> Valery.
>
> *From:*Cfrg <cfrg-bounces@irtf.org> *On Behalf Of *Dan Harkins
> *Sent:* Wednesday, March 27, 2019 5:46 PM
> *To:* cfrg@irtf.org
> *Subject:* Re: [Cfrg] OPAQUE
>
>
>   But OPAQUE is augmented and that won't work for IPsec. IPsec, well IKE
> actually, needs a balanced PAKE because is not client-server, either side
> can initiate.
>
>   regards,
>
>   Dan.
>
> On 3/27/19 6:41 AM, Watson Ladd wrote:
>
>     Following up on the conversation: OPAQUE can include auxiliary
>     data along with the private key in the encrypted bundle sent in
>     the first round. This may be useful for IPsec for instance as you
>     can insert client  configuration data there as well.
>
>     This is an advantage that might be interesting.
>
>     Sincerely,
>
>     Watson
>
>
>
>     _______________________________________________
>
>     Cfrg mailing list
>
>     Cfrg@irtf.org  <mailto:Cfrg@irtf.org>
>
>     https://www.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email