Re: [Cfrg] Wack-A-Mole and PKEX 3.0 -> Re: Fwd: New Version Notification for draft-harkins-pkex-00.txt

Watson Ladd <watsonbladd@gmail.com> Tue, 13 September 2016 21:56 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F08712B0CC for <cfrg@ietfa.amsl.com>; Tue, 13 Sep 2016 14:56:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RStQOFkNi0R for <cfrg@ietfa.amsl.com>; Tue, 13 Sep 2016 14:56:02 -0700 (PDT)
Received: from mail-yb0-x236.google.com (mail-yb0-x236.google.com [IPv6:2607:f8b0:4002:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90ED712B0C6 for <cfrg@irtf.org>; Tue, 13 Sep 2016 14:56:02 -0700 (PDT)
Received: by mail-yb0-x236.google.com with SMTP id i66so2701374yba.0 for <cfrg@irtf.org>; Tue, 13 Sep 2016 14:56:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Bmeo5ByOXv/T6tnWn3rmLAB8L5QQ8MaR/yWGV+pur28=; b=Oluu+QN5WuNnQX5hr14C4yAPTtQAGfpcZDmVu4AAdT+9auDIMeEdil/s4qFlTSuAnF ACEQ5LkUy9Jmtujt2ksshVCiJlGz5zvhd7uIUfT133NRJ1VSRSjQWSqlZxvx77o3SGFC L5xI5ZVkODDw6vwe6X7ZPilaYftLNevX5JfAVi/1OSbQ1gXofN4z75fMpz4cM6HIe5Qo HcM9kwnfOBLDGJS3uY6HC/uVX6l8qheUSMwgKvIxANrfoOejvkxTKHc99utdqG+b48xr FYqb31CB0TmgXma1zyt7ABtsiaJw6t10RqiOLqwxvohuYiDbILuLD5iqclpRJXMT44Pj GtHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Bmeo5ByOXv/T6tnWn3rmLAB8L5QQ8MaR/yWGV+pur28=; b=hQwxKs4BnrbYjP/YXswdtJ6oWz8UkI99HwK4/nBrcAVsXKK6RFhrb2t1JKo6Lbt+Ki XpzoQUipDYKN4Z66y6oz+N1zEyswgUUYj6wsEvNXu3qvxdkOaDVPnceToYhlSdy71rjp 3oig2ZzCFpYlY2JzFBZByblQ2i76nApdTf7S7pBpRdsFPS3aafPGRQCm2nCUqTU84poj Np17JD2yGV7mHf0JZMQi2eYyo7MVuYQo5iwpytBaX+aqNPp4CXfE2xo91dfeR/nBcx0A k7+SEJWKVAr+XqaWbjONwafwiutojwiCY37HuD3D0AE/hvnNNC1oBKRjfQUTfBX6kbJL b/kg==
X-Gm-Message-State: AE9vXwOQDarBlx57Ssta43456k1sd+5IR0/s5PiEfQjrqHnVavMQ3MbHeFRa7JNtHJIp1aRiD0zF6aL/WWL0LA==
X-Received: by 10.37.31.196 with SMTP id f187mr3405561ybf.56.1473803761870; Tue, 13 Sep 2016 14:56:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.4.102 with HTTP; Tue, 13 Sep 2016 14:56:01 -0700 (PDT)
In-Reply-To: <69fce1b2-d68f-bd70-a969-f36d419ae734@lounge.org>
References: <D3FC35C1.9FC94%paul@marvell.com> <56878156-5fdf-9541-f9e2-882ab54a1632@lounge.org> <D3FC63E7.9FF36%paul@marvell.com> <8c36f26a-59b4-e483-c1e5-12a083f4b0b0@lounge.org> <D3FD4294.A005A%paul@marvell.com> <CALCETrX2sf+Ajiiyqj=bm8V2s2jTyYSyURMxfchPXw488rUP2Q@mail.gmail.com> <35b47674-90bc-926c-3a5f-bbe36291ce0e@lounge.org> <CALCETrUyCTRyBcq5nYQEmc7VRmRURQX75uKTxcpQ40q2sXSb8Q@mail.gmail.com> <69fce1b2-d68f-bd70-a969-f36d419ae734@lounge.org>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 13 Sep 2016 14:56:01 -0700
Message-ID: <CACsn0ckPQRAPuUsrQastow2NRr3WXpwxg-YfxXnhHhhvwHs-zg@mail.gmail.com>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/FN5hfaTcrgSFbNYnVOTzM2IUGac>
Cc: "Adrangi, Farid" <farid.adrangi@intel.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Wack-A-Mole and PKEX 3.0 -> Re: Fwd: New Version Notification for draft-harkins-pkex-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2016 21:56:04 -0000

<Massive exchange everyone has given up on chopped>

What assurance do we have that PKEX actually satisfies the security
claims claimed for it? Don't you think a conference paper is a better
place to put a new protocol then an IRTF mailing list consisting of
people almost entirely unqualified to do the sort of analysis you are
calling for, and with no proof of security, or even formal security
claims put forward?

The commitments do not bind properly: this is obvious. It is not clear
what the KDF is used for, or what properties it requires. Furthermore,
there is no reason to believe that the identities are "trusted":
clearly anyone with the shared password can register whatever keys
they want with whatever identities they desire.  All that is
ostensibly known is that someone who knows the private key and the
password has participated in the protocol. It is clear this is an
inherent property of an protocol.

>
>   Dan.
>
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.