Re: [Cfrg] 40 bit loop and DragonFly

Watson Ladd <watsonbladd@gmail.com> Tue, 07 January 2014 18:03 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 748F61AE0E6 for <cfrg@ietfa.amsl.com>; Tue, 7 Jan 2014 10:03:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dtV2MFZt4uqX for <cfrg@ietfa.amsl.com>; Tue, 7 Jan 2014 10:03:06 -0800 (PST)
Received: from mail-wg0-x22d.google.com (mail-wg0-x22d.google.com [IPv6:2a00:1450:400c:c00::22d]) by ietfa.amsl.com (Postfix) with ESMTP id F1A161AE0E3 for <cfrg@irtf.org>; Tue, 7 Jan 2014 10:03:05 -0800 (PST)
Received: by mail-wg0-f45.google.com with SMTP id y10so472813wgg.0 for <cfrg@irtf.org>; Tue, 07 Jan 2014 10:02:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=cZkape06MEeUlzrMuL2+LWUyV9BKUFNP8emWSqp4HgM=; b=umhRL6F6h+QA4ARwAqUUclQWYp0+824ZdDucnd7MPJr1WHnsNDZwlSuR51U6n2cAXX mJO1fSURzSiMqb4IejuEv8VR5XLtlwA+DBWp35la4/sljOH2qerKUZGjYv+TvwAhd4CP HHRYDKbyyOJvxD7IPuB77+sSiNHGRKsiYuYMR2mce9vgcMH0vh1s4Wew5k/Nc8obepPd 6Y5us1Dc4sr4lvOlSXZdL/RvfeCIqwT0/SwBeYzIw21cVTmmWM2dbxc5ARTUFo78+uKA oNAOk0tMrfcui6MEOHk3J+HxsTo0/PLrgD4fbGBzGPxPrU2a0VKy9nhLwPKJJi2nEvZZ 9paA==
MIME-Version: 1.0
X-Received: by 10.180.94.164 with SMTP id dd4mr17986143wib.20.1389117776670; Tue, 07 Jan 2014 10:02:56 -0800 (PST)
Received: by 10.194.242.131 with HTTP; Tue, 7 Jan 2014 10:02:56 -0800 (PST)
In-Reply-To: <bca887e89b7aa6f7e334884d4d9ced1c.squirrel@www.trepanning.net>
References: <3C4AAD4B5304AB44A6BA85173B4675CABA99F80C@MSMR-GH1-UEA03.corp.nsa.gov> <A113ACFD9DF8B04F96395BDEACB340420B77D4CC@xmb-rcd-x04.cisco.com> <3C4AAD4B5304AB44A6BA85173B4675CABA9A0B90@MSMR-GH1-UEA03.corp.nsa.gov> <CACsn0cm25it9B2OiwJ-mRkGMfmAjG8WLHkyb7CXn6tF1EL9mFg@mail.gmail.com> <CAGZ8ZG1bSSKNsmKWd11_Fvh3XOrS37zaAuJ_L14sM4KBH50+4Q@mail.gmail.com> <9436e5ac51ded5f15545d4d63f1b490e.squirrel@www.trepanning.net> <CACsn0ckGp585Tt+mkk0Bq+c23_ty61SCDgHPJ2KqdhOT77qZaQ@mail.gmail.com> <bca887e89b7aa6f7e334884d4d9ced1c.squirrel@www.trepanning.net>
Date: Tue, 7 Jan 2014 10:02:56 -0800
Message-ID: <CACsn0cnj+nXHuw-3xdRbyCmYWGmq0c9ErQGpsZ36QCKJQGTX8g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: text/plain; charset=UTF-8
Cc: Trevor Perrin <trevp@trevp.net>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] 40 bit loop and DragonFly
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 18:03:07 -0000

On Tue, Jan 7, 2014 at 9:47 AM, Dan Harkins <dharkins@lounge.org> wrote:
>
> On Tue, January 7, 2014 5:47 am, Watson Ladd wrote:
>> Try writing up SPAKE2, submit it, and see how long it takes to
>> get a good standard through.
>
>   You're the one proposing it, why don't you? In fact, since you have
> previously stated it really only takes 30 minutes to write an
> interoperable standard why don't you do it during your lunch hour?

Because http://tools.ietf.org/html/draft-shin-tls-augpake-01 exists already.
In fact, AugPAKE is necessary to avoid an attacker breaking into my coffee pot
from changing my alarm clock as well. These are critical systems you are
talking about!

Why don't we move this over to TLS, get AugPAKE through, and be done with it?
It satisfies everyone's needs.
>
>> Dragonfly has unfixable flaws relating to its provable security that will
>> prevent me from endorsing it for any protocol, ever. I am not alone in
>> thinking that we should expect more from the protocols we standardize.
>>
>> Also, is this implemented in OpenSSL or NSS or PolarSSL? Not yet.
>
>   ZZzzzztt! Wrong. I implemented it in OpenSSL. That's where Appendix
> A of draft-ietf-tls-pwd came from. In fact, the sample exchange was
> from my EST client talking to my EST server being authenticated with
> TLS-pwd.
>
>> Lastly, if this was needed for EST to work, they should have noticed
>> this dependency, and tackled it head on. That they punted on
>> this problem does not mean it is our responsibility to fix it.
>
>   You use pronouns very loosely. And you exaggerate a bit too much.
> Nobody said it was necessary for EST to work. It's needed for EST to
> be deployed properly in many situations where there is no trust
> anchor database established before the EST exchange is initiated.
> There is a chicken-and-egg problem with needing a certificate to
> get a certificate. Understand?
>
>   Dan.
-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin