IETF Logo Mail Archive

Re: [Cfrg] I like PKEX

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 16 November 2017 07:23 UTC

Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2DC312894A for <cfrg@ietfa.amsl.com>; Wed, 15 Nov 2017 23:23:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R-B1vpN1UnX8 for <cfrg@ietfa.amsl.com>; Wed, 15 Nov 2017 23:23:55 -0800 (PST)
Received: from mail-qt0-x236.google.com (mail-qt0-x236.google.com [IPv6:2607:f8b0:400d:c0d::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5772512950A for <cfrg@irtf.org>; Wed, 15 Nov 2017 23:23:54 -0800 (PST)
Received: by mail-qt0-x236.google.com with SMTP id 8so40396930qtv.1 for <cfrg@irtf.org>; Wed, 15 Nov 2017 23:23:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rteTuh4VE1dVJAvC7Lkfg5T7gW0Ie9Dop+3B3N95hTo=; b=iOwhrHMXYOPd0mE3hSAJ7NEbwoUBFRVkD7NfoikSKhxYGL6HEIJgOewiPyXVcxfsnW tELmap22ZRzXFzPug0W6BftEWIBwZrQ8GljFbGCrcKvHiliVmKMUH0ITD2f56u8p6ibO qYJ/67h9oCmqDM++L3gcxu9ZFCKEu3kC8hp9erwozf4ukph9gjUl06gcFPhgqePdMxKb X4hsbxqd+pUSest9bRixl+IJ6tXr3VfebhUJ/FlrLX838BUcYBAFRxOSaEsHVM2NLNyN DRDoaXLFqa0z2fNUhoNLp3gaK4mW7QlvQ2ludAmMzjJPaGkQGtIOdeSLTfAv24oQTUFI 2COQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rteTuh4VE1dVJAvC7Lkfg5T7gW0Ie9Dop+3B3N95hTo=; b=DrLeRRx8tqllyqPTRuJhnfrp9BBF9Kc0HwspGj0Hr0umhYJnbWDQcdIesxLIcwlS2a +rRsC12X/qN0zeu5PteTo4Xp2Mj1kspCtgHGGCkGOQJxk4Xvv0uXPzJKrnIhP7FouwqV 37qT0gmiLqW4UcHKabtAQwsy0UbycR04utQxyqmEZmz7AlXQhGbrq5W/blQdnaB+9JBa 6w00MFTLwPRd/h9HmYIYHKI8YeBzbf9+8cze24qH4ky3jvoOvgT/hnitPcZyDGx6nwCb RAzlOE1cz+6Ie9OZ831cHIJ+37Oh4asN+UflYSxO9v0GRtc0tRTdG7uI0YpBv5W54RsM TviA==
X-Gm-Message-State: AJaThX6VQ8cQhVRZuNgd/Oe9sCVx8N9euYPrmJBR6ahYWsfy+ZpDg2XJ +7GX8RtsjEzYxB67cHClo4wyABEfyWur/nFTuyU=
X-Google-Smtp-Source: AGs4zMaqTW0gu+OqzdDH7jsXMQAasm2qebit6OzYwUodAE8Den8QnCaEzUyLwJ1VqbFDHySc5GzQhpJVAVU4suuGtOo=
X-Received: by 10.55.108.135 with SMTP id h129mr1013357qkc.111.1510817033491; Wed, 15 Nov 2017 23:23:53 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.142.67 with HTTP; Wed, 15 Nov 2017 23:23:53 -0800 (PST)
In-Reply-To: <CAL02cgT5hAfoga82Opb20C8sB63Hr4bSxssF+N-o=uPtQCoZZA@mail.gmail.com>
References: <EA0997AC-6EB9-4649-8502-9A185A77760D@akamai.com> <CAL02cgT5hAfoga82Opb20C8sB63Hr4bSxssF+N-o=uPtQCoZZA@mail.gmail.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Thu, 16 Nov 2017 15:23:53 +0800
Message-ID: <CAMr0u6mP8pscKSBwTxrFYaRvCqAvHKFEwai8m4GbWcNwhkA1Jg@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: "Salz, Rich" <rsalz@akamai.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="001a1148809a9a2005055e1480b3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/QEL-u8jKtVC-fl6HEJ5UvAF8AF0>
Subject: Re: [Cfrg] I like PKEX
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 07:23:58 -0000

In fact, PKEX (password-authenticated key exchange protocol by Dan Harkins,
https://tools.ietf.org/html/draft-harkins-pkex-04 - for Richard), as all
secure PAKE protocols can help to upgrade most cases of authentication,
when some shared secret (password or, as in Rich's example, an account
number), to solutions which do not require having a primary trust to
someone you're authenticating to.

I'd also like to see PAKEs in the messengers, as I commented during the
CFRG meeting yesterday.

2017-11-16 15:21 GMT+08:00 Richard Barnes <rlb@ipv.sx>:

> Sorry, what is PKEX?
>
> On Thu, Nov 16, 2017 at 3:11 PM, Salz, Rich <rsalz@akamai.com> wrote:
>
>> I think the PKEX stuff is very interesting.  It inverts the trust model
>> used on the Web.   Suppose I want to do some online banking with
>> mybank.com. My browser checks the server cert, and decided to trust it
>> if the CA verifies the identity. I then type my name and password into the
>> website. There is a risk if I end up at the wrong website.
>>
>>
>>
>> With PKEX, I can use my name and password and the bank can use something
>> like my account number or other similar info, and we exchange and get a
>> shared secret. We then use that secret to get an authenticated ECDSA key
>> and then I switch to TLS and get its benefits.  No third-party trust is
>> needed.
>>
>>
>>
>> I think this solves an interesting use-case and it would be nice to have
>> it in our toolbox.
>>
>>
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
>>
>>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
>

v2.23.0 | Report a Bug | By Email