Re: [Cfrg] Wi-Fi Alliance Device Provisioning Protocol (DPP) - Draft Released for Public Review and Comments
Paul Lambert <paul@marvell.com> Wed, 31 August 2016 19:04 UTC
Return-Path: <paul@marvell.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C5B612D6A5; Wed, 31 Aug 2016 12:04:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19q_y6YOMM1h; Wed, 31 Aug 2016 12:04:05 -0700 (PDT)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03F4712D6A2; Wed, 31 Aug 2016 12:04:04 -0700 (PDT)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.17/8.16.0.17) with SMTP id u7VJ2bRo005764; Wed, 31 Aug 2016 12:03:56 -0700
Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0b-0016f401.pphosted.com with ESMTP id 25651u009m-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 31 Aug 2016 12:03:55 -0700
Received: from SC-EXCH03.marvell.com (10.93.176.83) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 31 Aug 2016 12:03:53 -0700
Received: from SC-EXCH03.marvell.com ([fe80::6cb0:4dfa:f3f3:b8b6]) by SC-EXCH03.marvell.com ([fe80::6cb0:4dfa:f3f3:b8b6%21]) with mapi id 15.00.1104.000; Wed, 31 Aug 2016 12:03:53 -0700
From: Paul Lambert <paul@marvell.com>
To: Dan Harkins <dharkins@lounge.org>, Andy Lutomirski <luto@amacapital.net>
Thread-Topic: [Cfrg] Wi-Fi Alliance Device Provisioning Protocol (DPP) - Draft Released for Public Review and Comments
Thread-Index: AQHSAxd8feDlzRT1DkO/Rm6efoKJcaBiPCcAgADJ0ICAAGitAA==
Date: Wed, 31 Aug 2016 19:03:53 +0000
Message-ID: <D3EC658C.9C3D4%paul@marvell.com>
References: <b6b2e03faf504238b8681284fc72a1dd@SC-EXCH03.marvell.com> <CALCETrVmSHv9=aNZYudU012UhuSNSJJaZX2CFa++o4nYA=WtPg@mail.gmail.com> <D3EB69B5.9C1EE%paul@marvell.com> <a120d8fb-c493-c6ea-fdd8-8ab9ebb7e5f4@lounge.org>
In-Reply-To: <a120d8fb-c493-c6ea-fdd8-8ab9ebb7e5f4@lounge.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.5.160527
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.94.250.30]
Content-Type: text/plain; charset="utf-8"
Content-ID: <0A447037E3431B44AC619319F53C97A7@marvell.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-31_04:, , signatures=0
X-Proofpoint-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 impostorscore=0 lowpriorityscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608310228
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/RxtSj1mRwMZ-Ic5OtDBxjcoBROM>
Cc: "t2trg@irtf.org" <t2trg@irtf.org>, "cfrg@irtf.org" <cfrg@irtf.org>, "adrian.p.stephens@ieee.org" <adrian.p.stephens@ieee.org>, "lear@cisco.com" <lear@cisco.com>
Subject: Re: [Cfrg] Wi-Fi Alliance Device Provisioning Protocol (DPP) - Draft Released for Public Review and Comments
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 19:04:06 -0000
>> >> The specification for PKEX is available in two parts: >> 1) the base SAE protocol is described in IEEE 802.11 >> >> http://www.ieee802.org/11/private/Draft_Standards/11mc/Draft%20P802.11RE >>Vm >> c_D8.0.pdf > PKEX has nothing to do with the SAE protocol. PKEX is a direct extension (PAKE+Auth) of the PAKE processing used by SAE. >And it is not even in the >draft REVmc document you refer to. PKEX uses cryptographic processing defined by SAE in REVmc (some open documentation of SAE is in RFC7664). One specific example is the definition in PKEX of the “PWE”. The PWE is used in the 802.11ai specification, but the definition of the acronym and the cryptographic processing is contained in the IEEE 802.11mc specification. The PKEX text (Section 12.7.12.4.1 Initial provisioning for PKEX) references text in 802.11mc (Section 12.4.4.2.2 Generation of the password element with ECC groups) that defines the detailed processing of hunt-and-peck algorithm for the PAKE processing (Section 12.4 Authentication with a password). PKEX and SAE share the same text for “Authentication with a password" Yes, PKEX is not in 802.11mc, but it refers to very significant processing defined in 802.11mc. Yes, PKEX is not SAE, but they share the same underlying PAKE cryptographic processing To understand the PKEX cryptographic processing you MUST have access to both 802.11ai (188 page specification) and 802.11mc (3,774 page specification). This is a very large issue for the casual reviewer. Even with both specifications, parsing out the cryptographic processing from the verbose 802.11 document is difficult. ... >>>> A well designed short authentication string system (e.g. ZRTP's) >>>> should have no such issues. >> Interesting Š yes, a short authentication string is good idea for some >> user cases (Rich-UI device to Rich-UI device). I¹ll look at it some >>more Š > That is exactly the case here. A short authentication string is used to >bootstrap trust in a peer's public key. ZRTP defines a short authentication string (SAS) as a unique string derived from a shared secret created by a DH exchange. Users may validate the correctness of the string on both ends of the channel. A PAKE requires a preexisting shared secret that must be exchanged in an out-of-band manner. A PAKE is not a SAS and each has significantly different system and user experience implications. Paul > > Dan. >> Paul >> >> >> _______________________________________________ >> Cfrg mailing list >> Cfrg@irtf.org >> https://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] Wi-Fi Alliance Device Provisioning Protoco… Paul Lambert
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Andy Lutomirski
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Paul Lambert
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Dan Harkins
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Paul Lambert
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Andy Lutomirski
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Dan Harkins
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Dan Harkins
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Andy Lutomirski
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Dan Harkins
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Paul Lambert
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Andy Lutomirski
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Andy Lutomirski
- Re: [Cfrg] [T2TRG] Wi-Fi Alliance Device Provisio… Paul Lambert
- Re: [Cfrg] [T2TRG] Wi-Fi Alliance Device Provisio… Andy Lutomirski
- Re: [Cfrg] [T2TRG] Wi-Fi Alliance Device Provisio… Dan Harkins
- Re: [Cfrg] [T2TRG] Wi-Fi Alliance Device Provisio… Andy Lutomirski
- Re: [Cfrg] [T2TRG] Wi-Fi Alliance Device Provisio… Paul Lambert
- Re: [Cfrg] Wi-Fi Alliance Device Provisioning Pro… Dan Harkins