Re: [Cfrg] I like PKEX
"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 16 November 2017 08:30 UTC
Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3D37129AA3 for <cfrg@ietfa.amsl.com>; Thu, 16 Nov 2017 00:30:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1kWEnrPh6sG for <cfrg@ietfa.amsl.com>; Thu, 16 Nov 2017 00:30:33 -0800 (PST)
Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BAE6129A8F for <cfrg@irtf.org>; Thu, 16 Nov 2017 00:30:33 -0800 (PST)
Received: by mail-qt0-x231.google.com with SMTP id u42so17775596qte.7 for <cfrg@irtf.org>; Thu, 16 Nov 2017 00:30:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=//pYPwTG8Bcd/8ficfhbMx/Z/sAxtqn2rnZMTUgw9bI=; b=FPNF1p1yXMkJDDchH7ky39+LUAr9dZEMLJb+u81FT3aH8nkhR9N9d77AZKbjdM6Wez Fhd7N6MhUuClq632KSX7ObNAcLMC9Lx7OgcemiElhWcPgwlj2rivjQYAm7EPX6L0qTui gPHV0e6d9WRo2YVlfufVdYIatGJDFPctIO3cG7/5OHGjDb+V0Zw5IwLlszGG1QI30GM5 aM6B/qp05KjldFGBju990qaM3VTnUnBQ/wUZHJ15aHRhfvXyTgDZw3X4Q1ZoTb/3IpJ9 d+Wck/9piH0cuqH3j9nHG44Lf5l9kmgIc2wadqH+X6tXMkUvEsVpxdWNQr4Uw3JnUJxY ILaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=//pYPwTG8Bcd/8ficfhbMx/Z/sAxtqn2rnZMTUgw9bI=; b=fDQEMnpey47xRdpla0eLapbQAt+QsrQGU8Cd49ErRP4dqm0KY2gaf2jNg08pdrKmMO rfsPYMmTWAeuSCRkJpLDQLBU49vjb9mV3oSoQEwlMs6SEZltcg7lT5GB+39XrmoH6jao twdSFgqwavaKJ1Iv49V26lSqp4Y0/VwT4Ul3f2R1HM3moF1OqmfVWJvZ0jKfKJSs05bQ BFC9KkvvnGAQvN4yTuFdy0Kr8dIkczxzC4H9RFugxiZ4UOX/AZGpxjH3yihUa2hS1rYb 2ba7y7NfdBCU2HZBCkEB14/FUtoXQkZXM641FTn8mX29Fo+nYCitJuCpUWbAjdLB/197 ovkA==
X-Gm-Message-State: AJaThX44zpRdEuYqdcEW4qL4Po7uJxYsJ6iUhRVxNUSB3t3fM4/GMRPN sk0ftib9HExrxJBDBLlCIRHXtTeeUxucPVj2954=
X-Google-Smtp-Source: AGs4zMaIwOF1z+Ei59OXhmD2VzoYsuFXkQ8FTAOtfHeIW+uhSikDTkX+VteSFPFmIv3pnl4NVAX1TjzRfpsZWI43yuo=
X-Received: by 10.55.108.135 with SMTP id h129mr1033018qkc.111.1510817460508; Wed, 15 Nov 2017 23:31:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.142.67 with HTTP; Wed, 15 Nov 2017 23:31:00 -0800 (PST)
In-Reply-To: <CAMr0u6mP8pscKSBwTxrFYaRvCqAvHKFEwai8m4GbWcNwhkA1Jg@mail.gmail.com>
References: <EA0997AC-6EB9-4649-8502-9A185A77760D@akamai.com> <CAL02cgT5hAfoga82Opb20C8sB63Hr4bSxssF+N-o=uPtQCoZZA@mail.gmail.com> <CAMr0u6mP8pscKSBwTxrFYaRvCqAvHKFEwai8m4GbWcNwhkA1Jg@mail.gmail.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Thu, 16 Nov 2017 15:31:00 +0800
Message-ID: <CAMr0u6mt5i7gz0Pnv=oM6QZYN4aFjmfsa-Dwg=VB-URE5Jp_hQ@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: "Salz, Rich" <rsalz@akamai.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="001a1148809a0ddc7d055e149afc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/IKSyxI7esnA-iUajc_cD5VUTkaI>
Subject: Re: [Cfrg] I like PKEX
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 08:30:45 -0000
Though, unfortunately, I am not aware of any online banking systems or messengers that use PAKEs for user authentication, I'd like to mention (hope you consider it interesting) that there are some existing cloud signature solutions (digital signature servers) in Russia that use one of PAKEs to authenticate users to their private keys stored in a cloud - in a way that is pretty similar to the one that has been mentioned by Rich. Best regards, Stanislav 2017-11-16 15:23 GMT+08:00 Stanislav V. Smyshlyaev <smyshsv@gmail.com>: > In fact, PKEX (password-authenticated key exchange protocol by Dan > Harkins, https://tools.ietf.org/html/draft-harkins-pkex-04 - for > Richard), as all secure PAKE protocols can help to upgrade most cases of > authentication, when some shared secret (password or, as in Rich's example, > an account number), to solutions which do not require having a primary > trust to someone you're authenticating to. > > I'd also like to see PAKEs in the messengers, as I commented during the > CFRG meeting yesterday. > > > 2017-11-16 15:21 GMT+08:00 Richard Barnes <rlb@ipv.sx>: > >> Sorry, what is PKEX? >> >> On Thu, Nov 16, 2017 at 3:11 PM, Salz, Rich <rsalz@akamai.com> wrote: >> >>> I think the PKEX stuff is very interesting. It inverts the trust model >>> used on the Web. Suppose I want to do some online banking with >>> mybank.com. My browser checks the server cert, and decided to trust it >>> if the CA verifies the identity. I then type my name and password into the >>> website. There is a risk if I end up at the wrong website. >>> >>> >>> >>> With PKEX, I can use my name and password and the bank can use something >>> like my account number or other similar info, and we exchange and get a >>> shared secret. We then use that secret to get an authenticated ECDSA key >>> and then I switch to TLS and get its benefits. No third-party trust is >>> needed. >>> >>> >>> >>> I think this solves an interesting use-case and it would be nice to have >>> it in our toolbox. >>> >>> >>> >>> _______________________________________________ >>> Cfrg mailing list >>> Cfrg@irtf.org >>> https://www.irtf.org/mailman/listinfo/cfrg >>> >>> >> >> _______________________________________________ >> Cfrg mailing list >> Cfrg@irtf.org >> https://www.irtf.org/mailman/listinfo/cfrg >> >> >
- [Cfrg] I like PKEX Salz, Rich
- Re: [Cfrg] I like PKEX Richard Barnes
- Re: [Cfrg] I like PKEX Salz, Rich
- Re: [Cfrg] I like PKEX Stanislav V. Smyshlyaev
- Re: [Cfrg] I like PKEX Stanislav V. Smyshlyaev
- Re: [Cfrg] I like PKEX David Jacobson
- Re: [Cfrg] I like PKEX Stanislav V. Smyshlyaev
- Re: [Cfrg] I like PKEX Dan Harkins