Re: [Cfrg] I updated 3 drafts related to a FSU KeyEX

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 28 April 2016 10:06 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/MWu_OXhlOHqIGcMUBKyL0dA_uro>


On 28/04/16 10:58, KATO Akihiro wrote:
> Hi Stephen,
> 
> In the FSU case, the KGC cannot get the session key.
> 
> Look at pages 7 and 8 of
> https://www.ietf.org/proceedings/94/slides/slides-94-cfrg-0.pdf . The
> session key encrypted ephemeral public key. If the KGC has all the static
> secret keys, it cannot see the session key and plain text.
> 
> There is no key escrow on FSU key exchange.

Eh? Doesn't slide 4 show that the KGC can fake anyone since
it generates their secret keys? That's close enough to mandatory
key escrow for me though sure, perhaps a better term for the
KGC rules-them-all would have been better:-)

S.

> 
> Regards.
> 
> On 2016/04/28 18:26, Stephen Farrell wrote:
>>
>> Hi Mike,
>>
>> On 28/04/16 09:35, Michael Scott wrote:
>>> Maybe the more accurate phrase "n uniquely attractive targets" where
>>> n=2,3,4... doesn't carry quite the same punch!
>>
>> I'm sorry, but for me, it does have exactly the same
>> punch. If there are key generators, they can collude
>> or be coerced. Or even more likely, in a realistic
>> commercial Internet-scale deployment, it's quite likely
>> all of them (even if operated by different entities)
>> may be running on one or two mega-hosting platforms,
>> so there may well be only one thing to break into
>> even if it looks like N things.
>>
>> From my POV, the mandatory key escrow aspect of IBE
>> is basically fatal for all but possibly some small
>> set of niche applications.
>>
>> Cheers,
>> S.