Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-03.txt

Watson Ladd <watsonbladd@gmail.com> Mon, 03 February 2014 22:12 UTC


On Feb 3, 2014 1:49 PM, "David McGrew" <mcgrew@cisco.com> wrote:
>
> On 02/03/2014 02:47 PM, Watson Ladd wrote:
>>
>>
>> On Feb 3, 2014 11:27 AM, "Dan Harkins" <dharkins@lounge.org> wrote:
>> >
>> >
>> >   Hello,
>> >
>> >   I updated the dragonfly draft to incorporate the comments received
>> > from Rene and Scott. Please take a look.
>> >
>>
>> It still doesn't compare favorably to JPAKE or SPAKE2. TLS has shown
>> less than zero interest in it. No reduction or evidence for claims made is
>> forthcoming. The draft excludes curves with uniform hashing to points.
>>
>> Why is this specific PAKE a work item and not the other alternatives?
>
>
> You mean like draft-irtf-cfrg-augpake-00?
>
> Drafts are taken up when someone is willing to write one, and there are
> sufficiently many other people that are interested.
>
>> Was this a joke for groundhog day?
>
>
> The sarcasm is not helpful.  Let's stick to a technical discussion.
>
> This draft most certainly should be reviewed, since security concerns
> were raised regarding earlier versions of the draft, especially regarding
> implementation guidance and timing channels.
>
> The process by which CFRG drafts can become RFCs is described in
> http://wiki.tools.ietf.org/html/rfc5743#section-2.1
> Note that there is a paragraph in the RFC that describes the relationship
> of that work to the research group. This mechanism enables the sentiment
> of the RG to be captured in the RFC.
>
> Let me ask: can you suggest text for the security considerations section
> of this draft that captures your concerns regarding the lack of reduction
> and uniform hashing?

Sure: "Despite significant efforts, no variant of this protocol has been
proved secure even in the random oracle model with nonstandard assumptions.
None of the security claims are sensible in any accepted formalization of
security protocols. Significant dissent in the WG existed with publication
due to the lack of any more than superficial analysis. No Internet protocol
should use this PAKE when alternatives exist." Just about sums it up.
>
> David