[Cfrg] PKEX update

Dan Harkins <dharkins@lounge.org> Mon, 28 November 2016 21:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/KinKT2v6ZnC68uo44htMhP7ylVk>


   I have submitted -02 of the PKEX draft to the repository. Main change is
that I have generated the role-specific elements that PKEX uses for several
popular elliptic curves.

   PKEX allows for the exchange of "raw" public keys. From the Introduction:

      Many authenticated key exchange protocols allow for authentication
      using uncertified, or "raw", public keys.  Usually these
      specifications-- e.g.  [RFC7250] for TLS and [RFC7670] for IKEv2--
      assume keys are exchanged in some out-of-band mechanism.

      [RFC7250] further states that "the main security challenge [to using
      'raw' public keys] is how to associate the public key with a specific
      entity.  Without a secure binding between identifier and key, the
      protocol will be vulnerable to man-in-the-middle attacks."

      The Public Key Exchange (PKEX) is designed to fill that gap: it
      establishes a secure binding between exchanged public keys and
      identifiers, it provides proof-of-possession of the exchanged public
      keys to each peer, and it enables the establishment of trust in
      public keys that can subsequently be used to facilitate
      authentication in other authentication and key exchange protocols.

It addresses the "Password Authenticated Key Distribution" application
from our PAKE Requirements draft.

   Comments are solicited.



On 11/28/16 1:25 PM, internet-drafts@ietf.org wrote:
> A new version of I-D, draft-harkins-pkex-02.txt
> has been successfully submitted by Dan Harkins and posted to the
> IETF repository.
> Name:		draft-harkins-pkex
> Revision:	02
> Title:		PKEX
> Document date:	2016-11-28
> Group:		Individual Submission
> Pages:		16
> URL:            https://www.ietf.org/internet-drafts/draft-harkins-pkex-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-harkins-pkex/
> Htmlized:       https://tools.ietf.org/html/draft-harkins-pkex-02
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-harkins-pkex-02
> Abstract:
>     This memo describes a password-authenticated protocol to allow two
>     devices to exchange "raw" (uncertified) public keys and establish
>     trust that the keys belong to their respective identities.