IETF Logo Mail Archive

Re: [Cfrg] Integration of OPAQUE in IKEv2

Yoav Nir <ynir.ietf@gmail.com> Sun, 15 September 2019 19:55 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D3981200EB for <cfrg@ietfa.amsl.com>; Sun, 15 Sep 2019 12:55:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uAYJ23yPpKfU for <cfrg@ietfa.amsl.com>; Sun, 15 Sep 2019 12:55:07 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15B4C12002F for <cfrg@ietf.org>; Sun, 15 Sep 2019 12:55:07 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id q17so32055988wrx.10 for <cfrg@ietf.org>; Sun, 15 Sep 2019 12:55:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=3LVn5YaDVIH+0sIPoJgsc5+8jNy/+MXWR3bjyTOqtXA=; b=d1h8mzyRFf8gdNAA5UNkCk0BifI+ZfQWfrnFb3suHvOOIGX/JyuV31bPm/XtDIEo03 7B8ndrsMW916SDke4OyiJ9FfmdL9IPPqsOJ28MmZwCGvnr4NBWw3c/ndrmMPJMfqSWlK 4P779qI+4aNhSIedGwXz5Ho0+8DYHoPn8XegjXiIjv2/vFoMEU6oJWa0hlPoqzhoee0a rxJwYWxoVv7iJT7x6OTerEaGk4Oe8IlHM+U1kqEaaDJh6L0vCnNSyZjWyvN823yQttua iz0YSSjgFlUDNDe1djlAszQYIBglxaLRMZRiCyJOBfM7tijTiOmHJU5QqMzd9EUCR2Kb VsPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=3LVn5YaDVIH+0sIPoJgsc5+8jNy/+MXWR3bjyTOqtXA=; b=YfdQ44c/eZ7XVlpi3iUQNdFJLxoUbE4G9jn+v38uJ1MgIAjK8ObYQE/dLKKPfa9sSu thAMoJPzdVXDnMpZljvuhsEvKLazROCVNQWKU7AwEY7LeOFyojfddiFdLif71Eo/jeju NMRNASx3IVJw46/juXjwqEsLKQsFkSbPEIgp88CIpdG22MK6rVYjbjfGb6wfxK7GDIWI m/ro0KwsLaYizUqnK+sVgDQFue2RujOrvqqcmem1wAo0qm3WYaHJVf9armzxrNe0hLnu KI5DzaOtS2FzGjmapSzN5BwgIsqtyJ79ZPF+ZOhiyAEI6/KZlgDNpCmGNCNX9GP6wQ2k /Kpw==
X-Gm-Message-State: APjAAAUnrMJxWi9a+Usk53FegOKq6+RpF6tQTgzn5z3oA3hrW1RzUENY 89v9jyNRM9OTaGrDzbDatUw=
X-Google-Smtp-Source: APXvYqx4GRcFDNMBSjkPVb9Id/2ujpUM+nlIizpRzJ1/EW+jBlC+S0erook0a2ifIOK4a5KUaY4Tkg==
X-Received: by 2002:a5d:4dcb:: with SMTP id f11mr45137348wru.239.1568577305572; Sun, 15 Sep 2019 12:55:05 -0700 (PDT)
Received: from [192.168.1.12] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id w125sm28892502wmg.32.2019.09.15.12.55.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Sep 2019 12:55:04 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <DB5BA26F-8174-4001-B1EB-9C892C27AB06@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B32CDA9A-CCFA-4EF6-9550-AED80F1A36AB"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sun, 15 Sep 2019 22:55:02 +0300
In-Reply-To: <CADi0yUN=+mX80ESTnttgVYk+mT3jTWZ=mcqB28T5YmdRQZ1bhw@mail.gmail.com>
Cc: Valery Smyslov <smyslov.ietf@gmail.com>, "<cfrg@ietf.org>" <cfrg@ietf.org>
To: Hugo Krawczyk <hugo@ee.technion.ac.il>
References: <0791DF4A-098E-4753-B886-BFC2D7DA1F97@gmail.com> <CADi0yUN=+mX80ESTnttgVYk+mT3jTWZ=mcqB28T5YmdRQZ1bhw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/FgoZ7XAH9I5QEskVbCtBZACkXmo>
Subject: Re: [Cfrg] Integration of OPAQUE in IKEv2
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Sep 2019 19:55:10 -0000


> On 12 Sep 2019, at 4:30, Hugo Krawczyk <hugo@ee.technion.ac.il> wrote:
> 
> Hi Yoav and Valery, 
> 
> thanks for your extensive analysis of the different PAKE candidates. 
> I would like to clarify some issues regarding the way you
> envision the integration of OPAQUE in the context of IKEv2. 
> 
> Let me first refer to Yoav's analysis 
> https://mailarchive.ietf.org/arch/msg/cfrg/PWhIOQKBHapZ1Rpbd7Brr_JFIg8 <https://mailarchive.ietf.org/arch/msg/cfrg/PWhIOQKBHapZ1Rpbd7Brr_JFIg8>
> where he says:
> 
> > OPAQUE spends one round-trip on sending IDi and receiving EnvU and vU.
> > OPAQUE spends another round-trip on the OPRF protocol.
> > OPAQUE spends yet another round-trip for a KE exchange.
> > The final IKE_AUTH flow uses the generated key for the AUTH payloads.
> > Altogether 5 round-trips (or IKE_AUTH exchanges) are needed for user
> > authentication.
> 
> This mimics the modular description in the OPAQUE draft that shows the different
> logical components. However, these components need not be run sequentially but
> rather in parallel, namely, piggybacking the OPRF to any existing AKE protocol.


Thanks, Hugo.  That makes sense.

It also strengthens the conclusion from both Valery and myself that all the proposed PAKEs will work well enough with IKEv2, so that compatibility with IKEv2 should not be a consideration when picking 1 or 2 PAKEs.

Yoav

v2.23.0 | Report a Bug | By Email