Re: [Cfrg] [http-auth] Fwd: Another PAKE question

Yutaka OIWA <y.oiwa@aist.go.jp> Wed, 05 March 2014 18:30 UTC

From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Thu, 6 Mar 2014 03:30:26 +0900
Message-ID: <CAMeZVwsv1LWAcEdqFU94d8GXMYLmgC=E=ji1O_Cx_cDgBQAOOw@mail.gmail.com>
To: Yoav Nir <ynir@checkpoint.com>, Watson Ladd <watsonbladd@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/LSrAA3jsRs1mu5fSkYv5rBt0K2E
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, cfrg@irtf.org

Watson, sorry, I completely missed this mail in the pile of unread mails.

# Thanks Yoav, your comment in the WG reminded me and helped me find this.

AFAIK, putting the transaction history into the calculation is
already embedded as the values t_1 and t_2 described in
the algorithm in
<https://tools.ietf.org/html/draft-oiwa-httpauth-mutual-algo-01>,
Sections 2.2 and 2.3.
Don't these t_1 and t_2 (put into the calculation of z) suffice for the purpose?

My understanding is that the functionality that Watson mentioned is a
fundamental requirement for all PAKE primitives, and
is already embedded in the specification of such primitives' layer.
If this assumption does not hold, or if we need to protect more values than
the values that appear in the cryptographic primitives, I agree that the
functionality should be implemented again in the layer of the
"HTTP Mutual authentication".
In such a case I will do it with our cryptographer colleagues.

Sorry for the very late reply, but I would be very happy if you could help me
better understand this issue.


2014-01-10 0:24 GMT+09:00 Yoav Nir <ynir@checkpoint.com>:
> Hi.
>
> CFRG has recently had some discussion about PAKEs in general. I have asked
> them to take a look at MutualAuth. This is one of the replies that we got.
>
> Yoav
>
> Begin forwarded message:
>
> From: Watson Ladd <watsonbladd@gmail.com>
> Subject: Re: [Cfrg] Another PAKE question
> Date: January 9, 2014 4:57:19 PM GMT+02:00
> To: Yoav Nir <ynir@checkpoint.com>
>
> Why is this protocol secure?
> I would recommend taking the z, and computing a hash of z and the
> transcript of the protocol. In this way under the ROM, the computed
> value doesn't reveal information. It ensures that any manipulation
> of the messages leads to different z values.
>
> I'll try to think of ways to make a proof given that change.
> Sincerely,
> Watson Ladd
>
>
> On Wed, Jan 8, 2014 at 10:09 PM, Yoav Nir <ynir@checkpoint.com> wrote:
>
> Hi
>
> I almost feel like I'm asking for trouble after the roast that Dan went
> through, but some on this list might want to consider another PAKE going
> through an IETF working group.
>
> HTTP-Auth is making experimental authentication mechanisms for the HTTP
> layer. One of those is a PAKE. If people here on the CFRG list would like to
> comment on it, that would be great. We can have some discussion here, but
> ultimately, comments, criticisms and suggestions should go to the HTTP-auth
> list (details below).
>
> The draft in question is called "Mutual Authentication Protocol for HTTP".
>
> Link: http://tools.ietf.org/html/draft-ietf-httpauth-mutual-01
>
> Yoav
> co-chair of HTTP-Auth
>
> Mailing list details:
> * http-auth List Information:
> https://www.ietf.org/mailman/listinfo/http-auth
> * http-auth List Archives:
> http://www.ietf.org/mail-archive/web/http-auth/current/maillist.html
> * http-auth Posting Address (requires registration): http-auth@ietf.org
>
> --
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither  Liberty nor Safety."
> -- Benjamin Franklin



-- 
Yutaka OIWA, Ph.D.                 Leader, System Life-cycle Research Group
                               Research Institute for Secure Systems (RISEC)
     National Institute of Advanced Industrial Science and Technology (AIST)
                       Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]
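
Watson Ladd's suggestion quoted above (hash z together with the transcript of the protocol), as an added Python example that is not part of the original thread or of the draft. The function names, the label, the length-prefixed encoding, the confirmation tag and the sample messages are assumptions made for illustration; this is not the draft's t_1/t_2 construction.

```python
import hashlib
import hmac

def encode_transcript(messages):
    """Length-prefix every (sender, payload) field so message boundaries are unambiguous."""
    out = bytearray()
    for sender, payload in messages:
        for field in (sender, payload):
            out += len(field).to_bytes(4, "big") + field
    return bytes(out)

def bind_to_transcript(z, messages, label=b"example-transcript-binding"):
    """Return H(label || z || transcript), the value each side uses instead of raw z."""
    h = hashlib.sha256()
    h.update(len(label).to_bytes(4, "big") + label)  # hypothetical domain-separation label
    h.update(len(z).to_bytes(4, "big") + z)
    h.update(encode_transcript(messages))
    return h.digest()

def confirm(key, role):
    """Key-confirmation tag a peer sends to show it derived the same key."""
    return hmac.new(key, b"confirm:" + role, hashlib.sha256).digest()

# Constructed sample values: Z stands in for the shared secret z of the PAKE.
Z = bytes.fromhex("00112233445566778899aabbccddeeff")
HONEST = [(b"client", b"user=alice;kex=AAAA"), (b"server", b"kex=BBBB")]
# The same exchange as the server would record it after the first message was altered in transit.
TAMPERED = [(b"client", b"user=alice;kex=AAAC"), (b"server", b"kex=BBBB")]
# Same payload bytes with a different message boundary; plain concatenation
# of the payloads would not distinguish this from HONEST.
RESPLIT = [(b"client", b"user=alice;kex=AAAAk"), (b"server", b"ex=BBBB")]

def demo():
    client_key = bind_to_transcript(Z, HONEST)
    server_key = bind_to_transcript(Z, TAMPERED)
    client_tag = confirm(client_key, b"client")
    return {
        # Both sides saw the same messages: keys agree.
        "honest_match": hmac.compare_digest(client_key, bind_to_transcript(Z, HONEST)),
        # Views differ: the server cannot reproduce the client's tag.
        "tamper_detected": not hmac.compare_digest(client_tag, confirm(server_key, b"client")),
        # Length prefixes make the re-split transcript hash differently.
        "resplit_differs": bind_to_transcript(Z, RESPLIT) != client_key,
    }

if __name__ == "__main__":
    print(demo())
```
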