[CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13
"Hao, Feng" <Feng.Hao@warwick.ac.uk> Fri, 24 May 2024 14:21 UTC
Return-Path: <Feng.Hao@warwick.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A4BAC1DA1E5 for <cfrg@ietfa.amsl.com>; Fri, 24 May 2024 07:21:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=warwick.ac.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0UJF98J75dbS for <cfrg@ietfa.amsl.com>; Fri, 24 May 2024 07:21:07 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0711.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0c::711]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0023C1D8753 for <cfrg@irtf.org>; Fri, 24 May 2024 07:21:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CfNl7oOYu2oHVGo6K+PDbDJ+waSsRVvUc6BaEDyLs59gjnoQnsaMZsLQAbdBd0CsU+y71m65cXxzOWw2CNq83yqXPSN/kGGBYIB0RlnKZiMPxg9hDG+rnOqtaPnniVN2dNg1EShzWygHkI8byZcQdJ/xmYgTN3TLb95KQCAU9lcVlKC4P2as30rak0SiijYeobQqF02knMoRLF7Q2VXoB5kkk11nxIrKmqX3xXqEghOXjF1pIn5Q9fguBknr3dXez3jN9eMCTIfPo50TGXMfqnBsW2EmgNv7StHgXf0Eg45rkngX/4TbsTyEqq0YGM7CPgY79+csrKQDJI97sh8LbQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RHCGsFws/0noOgtRAteRNLHh3rMxmr+VOTJypb3+dsQ=; b=jgo7l8dzHFr93HjrN8EMilZ2enhWcJVLBcEuP46Va0lQYIf0OtQFXFPR+rQE2Rtw4YDIBvbOK8BATuGxtnuYgWpb39vxm5ivIqT/ZyQOzh6PahaLZsKKTcewGns4LJH/i5qVKGFgSibU4xsyGHx4YROl2HgQU1k5MwEmvTq7+oB69iwpTUMNhi33aPPtJmOUnukyEm3PkpoIpyWNApsUEKbzawWWNDIllotoc9k8lg4cEHKR6JGNCNo3l/mo3l+ULCR5wjck8c6Q8s0uBsn+dEzAda1zl8F4/blE7WIW49PFJiyT9e8KCg+eWy1mYtauYpTZZ1/bMkbntdxHGJzk0g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=warwick.ac.uk; dmarc=pass action=none header.from=warwick.ac.uk; dkim=pass header.d=warwick.ac.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=warwick.ac.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RHCGsFws/0noOgtRAteRNLHh3rMxmr+VOTJypb3+dsQ=; b=irKZ6AiRJh21rffiXYXD//OBZLOwfnpemwKdL9CGUKZ7Y/k+CMnz0VecEiyIelYXqL1yEWR+xbHhs3LAhQiEpEK23ckJkYI0ZwbnQjjEPIZbQvEVO73DYjPiKbJmguu7HK+DovnIxf7dhpzb4e386tNk2cUXNvf94BEegbiY3rc=
Received: from GV1PR01MB8436.eurprd01.prod.exchangelabs.com (2603:10a6:150:1f::14) by GV1PR01MB8484.eurprd01.prod.exchangelabs.com (2603:10a6:150:23::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.22; Fri, 24 May 2024 14:21:01 +0000
Received: from GV1PR01MB8436.eurprd01.prod.exchangelabs.com ([fe80::ad9e:98b7:f953:1388]) by GV1PR01MB8436.eurprd01.prod.exchangelabs.com ([fe80::ad9e:98b7:f953:1388%5]) with mapi id 15.20.7611.016; Fri, 24 May 2024 14:21:00 +0000
From: "Hao, Feng" <Feng.Hao@warwick.ac.uk>
To: "Riad S. Wahby" <riad@cmu.edu>, Kevin Lewi <lewi.kevin.k@gmail.com>
Thread-Topic: [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13
Thread-Index: AQHarVvG6MH7WAQd1EGEhrA7lhZ1xrGmOOUg
Date: Fri, 24 May 2024 14:21:00 +0000
Message-ID: <GV1PR01MB8436B919FE24E2E022639155D6F52@GV1PR01MB8436.eurprd01.prod.exchangelabs.com>
References: <CADi0yUMO+HMNNa5G4OX5O-3YRp77Y7Gdq2-ekQSuF4KnKia8=g@mail.gmail.com> <GV1PR01MB8436D21464504C1007B5C22BD6E92@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUNbiVTe9BaoCFgDaTC06Z1LMAx6q2hJDiWydpy6xFqtRQ@mail.gmail.com> <GV1PR01MB8436B6B6B75DEBC9F1FB30A9D6EA2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUNCkk8Y5dQJH6DjR33cP7KXXrQsmHfA0UDRxjGuoXCaLA@mail.gmail.com> <GV1PR01MB8436DBCC8F5B167B0B44490AD6EA2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUPcyc9oSM4NqWynkWuTPStnD9yqt4XwmAg7c=XjCtik4A@mail.gmail.com> <GV1PR01MB84364908B61E293E46012214D6EB2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUOtSBmCnQMP-MoyzzxF6LZQcrKfo03sN2cNuO6MS74NAg@mail.gmail.com> <GV1PR01MB84361129416DC8B621CAAEDFD6F42@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <y5y4iquyvrao7jtpyc2ycjtz4sg5dbzhrhddz5j6rv3eydyd2o@zy65yreteuoh>
In-Reply-To: <y5y4iquyvrao7jtpyc2ycjtz4sg5dbzhrhddz5j6rv3eydyd2o@zy65yreteuoh>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=warwick.ac.uk;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GV1PR01MB8436:EE_|GV1PR01MB8484:EE_
x-ms-office365-filtering-correlation-id: 21af41a3-e1e0-4139-78de-08dc7bfcbc91
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230031|1800799015|376005|366007|38070700009;
x-microsoft-antispam-message-info: gh6GxqC60uYtvm8TWSGlS3kcS6Uva0hXFlquqTsooOYUXYBzPWMXxWow2cM0JmeOR/A1ac6klW3BH94PGo5mAs71/3YS2kEsrWT97DMI74LiCYT9q9IzvOgfdlW7cNRQ/z8gJU37K1Fbjo76BFhOeey/YCMKAal+H6hdiEdhnqiqblF1+DQ3/KoYwsMNhNxXAs0IsZV4BN+z2QCdlurLqyf7pJNrPZtjaM2fMjLGkS15n2iJw5Nqsq1BQig+hA9cFpIY0YIK7gpeZIEHLVW5zehJBUvE63nF7cLj+oMRjx7BG5zDBQ07UoSl8iEz6lMy21ro+nSyjrhZ/xqXggi4Myf3cOfw2v69kqDZip8qbNL6fawGpTqcReoLNrVDjODV72f2zhbNqyXuRyH5VfeZHA9isFoB2kU5CjKCUht+oiucnzc+E205JkH49Q21Mkmj3SolE60TX4f4XDBpzpvyrWgyJPCusr9XCI/98kvXdjRqmd1E7/6N3u3ppqaW6iz2jakYHgYF6Ks4uS3oJMga/WXHlJEh13fBCICszT2BuSgLSkP5K+ao+c17/ZqRCYkR30ovchRTCJz4VWjhnrff5GKEYnWO80uGksziD2h8OAQsk2nI0e1INciCIb/ApwpFK2+NMRR0O4Cis0YcFlI9WxlMbgn31NQh4mKALCx0LxBO7WkBki2vZ+ub+j4otZxG6cCZDKMR1IxMVqoxCzsdHLSe99wNfwF7lnL1Ongi1rbg1AZoubJYzSriUmIyfZuKFFg3NsSPIq1AetFg1cJ5L0ugcX5CIOyCpRLnOmC8FUobIpXfoIWEx+pIjXQKcZdFZk2hAvEGuB3iKkaFOV/wkb0/LGA0lR8WbW1YX5kgqnORNz7VQFxeKim6wy5JoAkMw71CIo9oRc0N+Clv2NZdG1/tNSsEFUkVo6NTJcQZCZwj+dXe4COLL0mP5/pxn9uwp/P6dK1wYFOPZ06Tg/pf/bKEGIXQAU1JPvTufTVi1/HdmzBGmacYuxvTidLw0bdGcJX9m3W95wJM6zCui6ln6yzKIIZ49yYb4DmCqPdg5zu6Xi6TH4KT3nxrzgFHCp1OpZjT15iVNDoYR7wk7W5IaAPfgXNHhOa5UeCs3hY1G+2pNcLQuXwNdPC+TSRzBv5kEYJEG8k+vCCdBTew6jjV7iZ0Z8SAMQncTE5vYbsumIUGdygyDVIXGbArMvsONZ+Pf5sgBu9ptfbMXzHGpk8dgmFpaEPmXEhUtUozwlZH6a0LJnC9bGTYJk7dWy8Jx/x21BS2pSJlkqiBtlxANsU7mQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR01MB8436.eurprd01.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230031)(1800799015)(376005)(366007)(38070700009);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: iFbub7CcuLAwq4uSri3eY5NL5Q/MbiupL7+B/ABfrOLnrexSO6iiO7hAnVmqh8QkO1OPtwq0CJZ4W3faO6t9CRCGNwvb9wCRoQszoBRkJ4d1CRa4RX0xYMgMu+1zBfhlR+Zx4QWqhSMXIFjsPtYdI/+Rpf8eWijH+o/tOo2InqSHyih24yiUoCiTxATDbk0sTWtZJI7zoR7KJdf0B+EPy2OmVsNCyjrfmasDYn3vKEPLsgpq3zIgBbzEd7izivTGosxoq/CJH1gKsbDHCUaR+7NVmWO0e49/djvggyTzv+k20BMFn83V6m+3peoGz//jmt+ILAFat0RHAtfRw5puIv9fZE5Puc2u9E/U7kjvVwiBYv3v5Sm6W2EsPyfVNKv45yx/gAVW14G1+uig/xBIzG1+Qgtvv7OoWDRC9tyWvqdxUVzPDWl57Svqh06E5DVas8QKY1UKC+Fk+w4GF6FLwJzPzoZdDTmO30myUqX9wS+UG1b+A11wssSqC/O3c/1H1BDrDnni4KZjQVlXGFAqNrf3BAaM0zCPUFSP8vfNfs7pnZSiCEm9T4Hd10xKNEkoSA84V40T3Zyf81xZdZ17xaVWFmgoQwW9qJESQKQF3CE8HrkfLwTexrctVqFle9cd6XFlLXL9xsh3O8VqnNReQpKiy9yEE/rAWtkN88TgtSzfsCdBig5+y7XM/dUbBLrFenkZPxWKK/DaX/eJWTIpiWDKzoXvJw2nLJPNM9Utuc2MoAu5KfYgdWOu4m+Vyuu3GBbXEeKtq/pKvhGG/AkjLpwJYnyic206RivVShhsxkYbRLHMIX2QsUvQRMM4LRGSd+eG0Bbuxc6BF1jUXLTeKWK+4tk/69ShzoQnRc82JKPs5vx/85pBInFWieS3opJp/kEACJkfmwSxnCYBd17swR2LhCWlwvcdcX0emE4ORLRQr/8JohAQIPrNOkizcaYwZbzh300gH6Avfqyltp499BFNn18gsLtEP2AqQrs86uvwZQYgWl7/sH+ILUCIFAEu+w/vYzjGoUOYaacOUWVTjT0Du0sxHUc2/djjbFKAEtohGmhFLAkvuSOFmKY4GAobn1E5T2x/o4ajCv9XW/cMN4dSiqbhsgoBo87/vtXJW1WWjhYVcj27gidx3cAozoa5/AyM1kNdOwStUsKA/6622Zz+9oiidrfBKU+U0dXDmJRT7PNYOyJERKtuTGR7EvqKQvmbu3lwHWg0eaZZt53MUczeFKpHi589Pi6vqlwyyI5ypsaGrBUSHNx3vVM5CA0VEktLfz88Pa0JxW7BpE6+FtiqJXx4Q0siU30AOUfgOuUAinx07+zTLRArrZgHn21uxNYct4FiPXQbPE+ejsCSNawlhHDaHzHdHPlM49eMUhRkrO76Nv6NLZRJ0L/hsfp6G7Igpcv5imZ6go4EaHuzLtg1nmktriB1drAIt2j+74UtsiZtuBqnLBI5guoXssOX85HLYD/AivtzCZHjW4RTZswpvKxjgf8GlngT4kMLJ5I1tSWfS6MqBni/c+X98f9MmNqfnpgBEsWMvgwgDcMhkK7jwK92ExWjtiP7c3iiMBVrVp0/pGMzKG8dv7tVl1T02txPAI59Arl7M/TCAw+XhQ==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: warwick.ac.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GV1PR01MB8436.eurprd01.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 21af41a3-e1e0-4139-78de-08dc7bfcbc91
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 May 2024 14:21:00.5287 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 09bacfbd-47ef-4465-9265-3546f2eaf6bc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eLxmFjYkCIWPOCUJXzqWwWKnpAwIscE89I3kxIUz3fyCN15ApZvPlAsHnjHQoRX6GXTn9dao1bq4H8HXXiztjEp1fx36ZdZzMkpTaQTxsD4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR01MB8484
Message-ID-Hash: NH6YVLQK34QT4RUGMNBRMZPNOWO667QJ
X-Message-ID-Hash: NH6YVLQK34QT4RUGMNBRMZPNOWO667QJ
X-MailFrom: Feng.Hao@warwick.ac.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IRTF CFRG <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>
Hi Riad, Kevin, Thanks for your comments. I will reply to you both here. @Riad, please note that the undetectable online dictionary attack is different from the (standard) online dictionary attack. The "completely standard attack detection heuristic" applies to the latter only. For example, SRP-6a is not vulnerable to the undetectable online dictionary attack. The standard rate-limiting measure used in SRP-6a will not work in OPAQUE. @Kevin, you proposed adding mitigating measures to the implementation rather than directly addressing the weakness in the protocol. I don't think that's the right approach, but this is only my personal opinion. @Both, have a look at the robustness principles for public key protocols by Anderson and Needam at CRYPTO'95 (https://www.cl.cam.ac.uk/~rja14/Papers/robustness.pdf) in particular, "Principle 3: Be careful when signing or decrypting data that you never let yourself be used as an oracle by your opponent." Here, OPAQUE lets the server be used as an oracle (without client authentication). This violates this principle and is dangerous in my view. Again, have a look at SRP-6a, which doesn't have this problem, so you can compare side-by-side. There are many similar examples of protocol failures explained in Anderson-Needham's paper and good lessons that should be learned. Regards, Feng From Riad > What you are calling complicated is in fact a completely standard attack detection heuristic. Password-based authentication should always be rate limited because passwords may have low entropy. When an attack is detected, some flavor of rate limiting must be applied. This is true even when the attack is detected via a mechanism that can distinguish between attacks and network failures. > So your point is really just that one could sometimes avoid rate limiting by distinguishing between attacks and network failures, and that doing so helps clients with bad network connections. This is nice, but it's not a security property: deciding not to rate limit when the server detects a network failure is more reasonably categorized as a mild optimization. > And it's not obviously a useful one. As anyone who has an SSH server on a public IP knows, the vast majority of failed logins are attacks. So in any case if I were deploying a network service I wouldn't relax my rate limiter for network failures. First, this is unnecessary optimization for a rare corner case. Second, I am not at all convinced that "authentication succeeds and network drops repeatedly" isn't just another flavor of attack. Tarpit first, ask questions later. From Kevin > Hmm, I don't think I would characterize the situation you describe as an undetectable online dictionary attack, or a security concern, for the OPAQUE protocol itself. This would only be an attack surface if an application server built on top of OPAQUE chooses not to track password authentication attempts, and optimistically assumes that a client not responding after the second message means that they "dropped out". But, if the server treats all incomplete message exchanges as authentication failures, then there is no attack; only the risk of legitimate users being locked out. > However, for this latter concern, there are a bunch of things that the server can do to mitigate this risk. For instance, the server can raise the threshold of allowed password attempts from a single IP address/device to a larger number (say, 20) before the client is locked out. It might be very unlikely that a legitimate user attempts to connect 20 times, successfully receiving the second message but failing to transmit the third message each time, though of course this depends on the application setting. For servers that wish to tolerate a smaller threshold (say, 5): if the client drops out after the second message, they can cache the first message and replay the first message again to the server. If the server also caches their response to the first message, then this allows the server to simply return the cached second message without having to regenerate it. Now of course this may not apply to some application scenarios if it is not possible for the client or server to keep these caches around. But I wanted to highlight some of these options as they provide alternatives that can be addressed by the application layer. > At any rate, we do not think that this requires changing any part of the OPAQUE protocol (for example by adding a fourth message) to handle this. Hope that makes sense!
- [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Russ Housley
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stefan Santesson
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 stef
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 stefan marsiske
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Campagna, Matthew
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Watson Ladd
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Watson Ladd
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Christopher Patton
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Christopher Patton
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev