Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13
"Hao, Feng" <Feng.Hao@warwick.ac.uk> Wed, 14 October 2020 22:48 UTC
Return-Path: <Feng.Hao@warwick.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C1AF3A10FE for <cfrg@ietfa.amsl.com>; Wed, 14 Oct 2020 15:48:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nSaMsnWFnnZc for <cfrg@ietfa.amsl.com>; Wed, 14 Oct 2020 15:48:25 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20083.outbound.protection.outlook.com [40.107.2.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A1823A10FD for <cfrg@irtf.org>; Wed, 14 Oct 2020 15:48:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fGqJHgDwYTXl7bI6A7vGDnVmqQt6pRE2v8u9Ss9aXhBSHTZvbRmi+JEY3K3IwyQyeporzm2h1VkJ3H/077Z4aTwUta22TfSUWTk6CVrU/P0Ezp5mkClrTYGVAw51f/5mS4YrW98U1L44pcWc61uejclIIhjqC3jiNbVkWsE7SX6dsDyF6ZRh7ZPDCTdTt84/Iw4BhmFmKV4DpEHFlHuLyuugcPT7qM91Qio2t3Et01AtPcMe4qecz7XOOmlTfS78qTHqOACk0qyQT3Gazu7NtKqcGWc7ZyBjqiwzFGtYoypZL/aLTrhrh0goGZfNrQ8h145KnhjmC8L7QLYyH47gyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ql1T4moA2x+1wOVD7KHv4HcDHoMY9lel48c9Y2KYgLY=; b=bBuPDXXv4lEesGexKB1h6l1J5daQyD82aM3LMGJ0obtEJ3+fO4zEVtHhO8OARq+heGMclyUhrYPNXa1SD3qHFj1hIQ5DqdcDsXOy5+/IeSy3ssg6NHt7DTfQhpyt/Wx5QwIiY/6X4P/GSkGSmVb1RzIxIsK0btGUVF8FTTGAzpj0rxsYzfhfFwnS6tx1h/Ct/3wL383Ru3St7xHqtZQq1CpLl3RTTGgUySrB399QN8wwrG7Gmt5dNx1PUd97Q0nshvY2wLyygfYSYreTa7kWP41RFCGZC3DqG9TbdDkJgoWFYqv9HVTHePn2pIDEQ9WD/af7ElMau33bZB+YkfUv0g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=warwick.ac.uk; dmarc=pass action=none header.from=warwick.ac.uk; dkim=pass header.d=warwick.ac.uk; arc=none
Received: from VI1PR01MB4285.eurprd01.prod.exchangelabs.com (2603:10a6:803:65::27) by VI1PR0102MB3120.eurprd01.prod.exchangelabs.com (2603:10a6:803:7::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.28; Wed, 14 Oct 2020 22:48:22 +0000
Received: from VI1PR01MB4285.eurprd01.prod.exchangelabs.com ([fe80::b481:fc8:76ac:75ad]) by VI1PR01MB4285.eurprd01.prod.exchangelabs.com ([fe80::b481:fc8:76ac:75ad%7]) with mapi id 15.20.3455.030; Wed, 14 Oct 2020 22:48:22 +0000
From: "Hao, Feng" <Feng.Hao@warwick.ac.uk>
To: Watson Ladd <watsonbladd@gmail.com>
CC: CFRG <cfrg@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Thread-Topic: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13
Thread-Index: AQHWoe/ilD4bNNgNOUCLW6H2BOQ/Y6mXj3gAgAARA4CAACSjgA==
Date: Wed, 14 Oct 2020 22:48:22 +0000
Message-ID: <9B7997F2-BB22-44CC-B08B-70E978664ADE@warwick.ac.uk>
References: <CAMr0u6n0SVGpWkBc=ZLMoS-SQZta=TxbUZP13Pq=3QBxdMpUdg@mail.gmail.com> <2B592A5F-FC26-4FA8-A71F-55814E301A1D@warwick.ac.uk> <CACsn0ckcqaQpyb_FUSvNefRmYLLKN2T5TDfbK8F4E7bRepYKkA@mail.gmail.com>
In-Reply-To: <CACsn0ckcqaQpyb_FUSvNefRmYLLKN2T5TDfbK8F4E7bRepYKkA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=warwick.ac.uk;
x-originating-ip: [86.1.47.16]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 91452d67-05e1-4b60-427b-08d8709340fc
x-ms-traffictypediagnostic: VI1PR0102MB3120:
x-microsoft-antispam-prvs: <VI1PR0102MB3120E0E03C8D41AE472A9546D6050@VI1PR0102MB3120.eurprd01.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: fPvgNrJhi6A+KsMPD51SaJnkc6ov5qwubbu9Q8UDPjAxXwUijiHkBMYftQ50RZlDHNewT+2OtCWP3fGvi3b4cFb9ys2sc52svOOBZf31szIgayTF8DnPxqAvD058VbopjtK+8NvwmGsm9xeNvwlwL3r2PM9u2Zv+G7tKvj6uWb28jGj1e7BuFSlX3EH61RH0YJ+pufE4UlnKRAsdxhoTf6FT8tOUamOSlk8Ddp9tIg7/Zt6BTAAa0W1mAeNafj7k5O6gYmbCw63xX+CJBtGnQwFjpXT1B7n9bo8VUtcCgE3kNkSEjhPedu1cQLTPx44qvTqiEPCOm1raO53iqK6bzw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR01MB4285.eurprd01.prod.exchangelabs.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(376002)(396003)(366004)(39860400002)(346002)(6512007)(8936002)(5660300002)(8676002)(186003)(786003)(6916009)(36756003)(26005)(2616005)(6486002)(2906002)(54906003)(316002)(33656002)(478600001)(4326008)(64756008)(76116006)(66556008)(71200400001)(66446008)(86362001)(66476007)(66946007)(91956017)(83380400001)(6506007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: E6wUCHhciP0iMLvTc0MKx8a/5JrrwGUMiCRPSykMuzCalTQzKcqHr9jF8QXkimXhlOu9R2EEiiJ2SMNaYqQKm/8UvH2/1AS9zs9P/e783qrLkBGUlwQZwvR9bfDgMqjIgF5qkSpq/gaBaBeiO+QqNzak0yfks/LfMFjBT8/eWuoKvxWTNL/wi8dYE+9O9ovpaxlrqxzIoeBTQ7qvb3wRKN8xCgqNogjXpiWbgy6eCqmubuwubngjlXpeRwNw8bgvXwaPjvWo2e1NWdHuvq7KGqb+QTCNdvXhDc4cUA758OcdZ57c2k80MeXRwLX2y+OIx5uqolgI8KkLRe8UXhY8U6QB3Q2W/9J6tgc+dyAu/FEjs4nNUwaHygA3RjHXw/iqztgXtKhSbaDiGYUMKMQI1MqrSKTInIOTR2fH9QqwsnJJMkI7Xp5pjglKLf+e6ifCHtE3nvCGreRuIiYHIpNTh37lPMl6givD7CnLZwu/8GGAyDZzA0C3JAPqPTGiMiRvEtuZC1qYNe5Ji/tupwABtmYqs+9XGlNlv5sNZZW9j8vEsAvz/Bw6JR7md6fFkyWAyJ3rxb7O3a1+IYRfxWZyOtbcUENiIO0D2p5FbbvFhb7r4UGl7KH/O+oQUa3TBy4uK2Ha4ikwaoNaemYYF74d0g==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_9B7997F2BB2244CCB08B70E978664ADEwarwickacuk_"
MIME-Version: 1.0
X-OriginatorOrg: warwick.ac.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: VI1PR01MB4285.eurprd01.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 91452d67-05e1-4b60-427b-08d8709340fc
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2020 22:48:22.5122 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 09bacfbd-47ef-4465-9265-3546f2eaf6bc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: uajkFgcxDDAKtI6zRXakTDbyjXGYU+B2HQgrvqi+q+l6mKHU0msLMLmuChLWywjWDMjqTLVKhJNT3319NcAkHXnQW3ibf2OhYfKJSNRHkz0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0102MB3120
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/FAaWskHD26usc_jRKXmYgT9_vQ8>
Subject: Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2020 22:48:27 -0000
On Wed, Oct 14, 2020, 12:36 PM Hao, Feng <Feng.Hao@warwick.ac.uk<mailto:Feng.Hao@warwick.ac.uk>> wrote: For “per-user M and N”, the authors need to be explicit how exactly will each party know the identity to be used by the other party even before any communication starts. Otherwise, you will end up with a “one-round PAKE” that can’t be implemented in one round. This is a higher level protocol consideration, but I don't see how an extra round would be needed since the server seems the client identity in the first message. It has to look up the password after all. How about the initiator? Besides client-server, you also need to consider peer-to-peer which is a typical setting for a balanced PAKE. How do peers know each other’s identity beforehand? If you have specific text that would be helpful I'm happy to add it post collecting all the comments. I’m afraid I don’t have any specific text to propose. It’s not about tweaking text. It’s a fundamental issue that needs to be considered carefully, especially that what you are doing here deviates from the established practice in the past many years research on PAKE where the user identities are established in-flow rather than being presumed or “remembered”. It’s OK that you do something different, but extra care is needed. I can only suggest you to flesh out full details on “per-user M and N” and how it is integrated within the SPAKE2 protocol as a complete specification before it’s possible for others to review and comment on your proposal; or alternatively revert to the original (published) SPAKE2 scheme and acknowledge the limitation of using a global trusted setup.
- [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Stanislav V. Smyshlyaev
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Hao, Feng
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Watson Ladd
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Hao, Feng
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Hao, Feng
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Watson Ladd
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Hao, Feng
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Watson Ladd
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Hao, Feng
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Björn Haase
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 Björn Haase
- Re: [Cfrg] RGLC on draft-irtf-cfrg-spake2-13 (rej… Annie Yousar