Re: [Cfrg] Fwd: New Version Notification for draft-harkins-pkex-00.txt
Dan Harkins <dharkins@lounge.org> Mon, 12 September 2016 20:19 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19BDA12B0F8 for <cfrg@ietfa.amsl.com>; Mon, 12 Sep 2016 13:19:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X-h53dM0fCJv for <cfrg@ietfa.amsl.com>; Mon, 12 Sep 2016 13:19:06 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id E238712B0CD for <cfrg@irtf.org>; Mon, 12 Sep 2016 13:19:05 -0700 (PDT)
Received: from thinny.local (unknown [77.79.217.194]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by colo.trepanning.net (Postfix) with ESMTPSA id E2D9F10224062; Mon, 12 Sep 2016 13:19:04 -0700 (PDT)
To: Andy Lutomirski <luto@amacapital.net>
References: <147367129321.14577.4302361405783294005.idtracker@ietfa.amsl.com> <3e9341e6-d826-a028-df40-a4e0dff98635@lounge.org> <CALCETrXo3AQNJGzvVQ-O3YtGhPOu45Y6S13u3WUJO8PjkU6EJQ@mail.gmail.com>
From: Dan Harkins <dharkins@lounge.org>
Message-ID: <e0fe2661-7012-ca38-de81-5941d64a0ec2@lounge.org>
Date: Mon, 12 Sep 2016 13:19:03 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CALCETrXo3AQNJGzvVQ-O3YtGhPOu45Y6S13u3WUJO8PjkU6EJQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------69F9F2C3F3903FC805AD47F3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/IoNivgbSmZkJlI-lvav9CG1Yw4s>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Fwd: New Version Notification for draft-harkins-pkex-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2016 20:19:08 -0000
Hi Andy, On 9/12/16 8:20 AM, Andy Lutomirski wrote: > > This appears to be more or less the same protocol described in the > 802.11 DPP drafts. It was terminally insecure then and it appears to > be just as terminally insecure now. If it's really necessary for some > reason, I can reiterate the multiple ways I found to break it after > half an hour of thinking. > Yes please do show the multiple ways to break this. > This protocol needs to be replaced, starting from scratch. By "from > scratch", I mean that a real PAKE should be used, in its intended > form. The result will not even need to mention "groups", because > there is no reason at all for the tiny bit of protocol layered above > the PAKE to care that the exchanged keys are anything other than > opaque strings. > I am honestly soliciting constructive comments. If you have some please provide them. Dan. > --Andy > > > On Sep 12, 2016 2:19 AM, "Dan Harkins" <dharkins@lounge.org > <mailto:dharkins@lounge.org>> wrote: > > > Hello, > > In the current PAKE requirements draft there is an application > described for which we have no candidate protocols. Namely, > > "In addition to key retrieval from escrow, there is also the variant > of two parties exchanging public keys using a PAKE in lieu of > certificates. In this variant, public keys can be encrypted using a > password. Authentication key distribution can be performed because > each side knows the private key associated with its unencrypted > public key and can also decrypt the peer's public key. This > technique can be used to transform a short, one-time code into a > long-term public key." > > So I have written an I-D that proposes just such a protocol. I > solicit review and criticism. > > regards, > > Dan. > > -------- Forwarded Message -------- > A new version of I-D, draft-harkins-pkex-00.txt > > has been successfully submitted by Dan Harkins and posted to the > IETF repository. > > Name: draft-harkins-pkex > Revision: 00 > Title: PKEX > Document date: 2016-09-12 > Group: Individual Submission > Pages: 9 > URL:https://www.ietf.org/internet-drafts/draft-harkins-pkex-00.txt > <https://www.ietf.org/internet-drafts/draft-harkins-pkex-00.txt> > Status:https://datatracker.ietf.org/doc/draft-harkins-pkex/ > <https://datatracker.ietf.org/doc/draft-harkins-pkex/> > Htmlized:https://tools.ietf.org/html/draft-harkins-pkex-00 > <https://tools.ietf.org/html/draft-harkins-pkex-00> > > > Abstract: > This memo describes a password-authenticated protocol to allow two > devices to exchange "raw" (uncertified) public keys and establish > trust that the keys belong to their respective identities. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available attools.ietf.org <http://tools.ietf.org>. > > The IETF Secretariat > > _______________________________________________ Cfrg mailing list > Cfrg@irtf.org <mailto:Cfrg@irtf.org> > https://www.irtf.org/mailman/listinfo/cfrg > <https://www.irtf.org/mailman/listinfo/cfrg> >
- [Cfrg] Fwd: New Version Notification for draft-ha… Dan Harkins
- Re: [Cfrg] Fwd: New Version Notification for draf… Andy Lutomirski
- Re: [Cfrg] Fwd: New Version Notification for draf… Dan Harkins
- Re: [Cfrg] Fwd: New Version Notification for draf… Dan Harkins
- Re: [Cfrg] Fwd: New Version Notification for draf… Andy Lutomirski
- Re: [Cfrg] Fwd: New Version Notification for draf… Dan Harkins
- Re: [Cfrg] Fwd: New Version Notification for draf… Andy Lutomirski
- Re: [Cfrg] Fwd: New Version Notification for draf… Dan Harkins
- Re: [Cfrg] Fwd: New Version Notification for draf… Andy Lutomirski