IETF Logo Mail Archive

Re: [Cfrg] OPAQUE

"Valery Smyslov" <smyslov.ietf@gmail.com> Wed, 27 March 2019 16:31 UTC

Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCEB3120301 for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 09:31:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iOnJnb-muSNT for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 09:31:23 -0700 (PDT)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D0C11202FF for <cfrg@irtf.org>; Wed, 27 Mar 2019 09:31:23 -0700 (PDT)
Received: by mail-wr1-x42a.google.com with SMTP id w10so19353780wrm.4 for <cfrg@irtf.org>; Wed, 27 Mar 2019 09:31:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-language:thread-index; bh=H7K0bQ1F92GHPR2vDNEWr0dqsj3MGliKQZpq3J6ewUY=; b=rTEICnTiUNrJIUnZw6l1teoS6lXqtcESAq+1OaxRZYtKFij0BxU7vh254IFvGuHorO F89zv/tOSLVUZWGaQfnMtRpnX6j1lEwUtRaHadHh6K6zsOFxZNYmvlCj/jhWYTClLfS+ NfKobEqqKdZ2PafM07/+vTN4WBiBgMwrjMe+0x487vHwkyG2ubMUNgwRx4zPdF6eE+qK feL7ntHtCsOx/MC/ZrNI/vwAcvz8qH2rphizQakTpn9YjSxiIGfNwIN6MZHk5cIr8OZs xJclumv1jpkaDroSEKH3hmqZ9W3iEGpTtdSNgGRpCXQz6IEJgj1n6lsnWNPtsyCmkJXC OF9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-language:thread-index; bh=H7K0bQ1F92GHPR2vDNEWr0dqsj3MGliKQZpq3J6ewUY=; b=qw09Y/I/vREloO9dJHTCv/lpldYZQ2SvPmPWhD1svdEQ5Mk0QPwkx9ASOQ5vZ16Tue pPE5Y1mHLKr11LcVhxeCFWWyIGDiTy7kVomcua6jCnLHZmJQZTOHSY3zSrfzZ5qI5L3W 4gsSMKq6RgB48jka12OUnJE3knxcICCDju3SrDdko3id0T9Pf60thmbXTYPs8R3LwPEn uTSCtpLh/xqGf4PHj/3o5172x90fCrTJS59Juu3eTKd2xsrRSfEE73uIpSCcEDOxiWa1 EAOZcwzdRsROUOwQ2BXb7Ob6PU9ULNZ3o0d4+te7gHQPv+Jmccb3UbqTmZEo/31tTxDg yTXQ==
X-Gm-Message-State: APjAAAV1FmiY9BgCfoRNI6lDw87aCbxITn4mJQkh56qt/7lD6iZwTvrF Z8VlvLbL77G6amLbpcGptNKaGTBwuB0=
X-Google-Smtp-Source: APXvYqxOeWUj1k7UXU1f3yuA2KuJVooRW/J43dTAdsjyZRdauea+1WpusiINuUYRvlvToqAjbA8ndQ==
X-Received: by 2002:adf:efc3:: with SMTP id i3mr21447511wrp.92.1553704281416; Wed, 27 Mar 2019 09:31:21 -0700 (PDT)
Received: from svannotebook ([2001:67c:370:128:2818:1f34:28de:d2ef]) by smtp.gmail.com with ESMTPSA id f128sm638630wme.28.2019.03.27.09.31.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Mar 2019 09:31:20 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Dan Harkins' <dharkins@lounge.org>, cfrg@irtf.org
References: <CACsn0ck_VbSNCDvYQXzuhMLqgO5R_cwPzMaMmQrENdv4D2=UAg@mail.gmail.com> <b0ac5609-6050-9def-fc8e-e23fd5c3177f@lounge.org>
In-Reply-To: <b0ac5609-6050-9def-fc8e-e23fd5c3177f@lounge.org>
Date: Wed, 27 Mar 2019 19:31:20 +0300
Message-ID: <00d301d4e4ba$82febe90$88fc3bb0$@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D4_01D4E4D3.A84F51F0"
X-Mailer: Microsoft Outlook 16.0
Content-Language: ru
Thread-Index: AQGozH7Mxkbza6zCasif6FBMAPZrKwKxMMUepmJSE4A=
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/M3f180CpHbeCQzwkyh5UjKKW1AI>
Subject: Re: [Cfrg] OPAQUE
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 16:31:26 -0000

Hi Dan,

 

it depends. Don't forget about EAP-based authentication in IKEv2,

that is clearly client-server oriented.

 

Regards,

Valery.

 

From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Dan Harkins
Sent: Wednesday, March 27, 2019 5:46 PM
To: cfrg@irtf.org
Subject: Re: [Cfrg] OPAQUE

 

 
  But OPAQUE is augmented and that won't work for IPsec. IPsec, well IKE
actually, needs a balanced PAKE because is not client-server, either side
can initiate.

  regards,

  Dan.

On 3/27/19 6:41 AM, Watson Ladd wrote:

Following up on the conversation: OPAQUE can include auxiliary data along with the private key in the encrypted bundle sent in the first round. This may be useful for IPsec for instance as you can insert client  configuration data there as well. 

 

This is an advantage that might be interesting. 

Sincerely,

Watson

 





_______________________________________________
Cfrg mailing list
Cfrg@irtf.org <mailto:Cfrg@irtf.org> 
https://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email