Re: [Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

Dan Harkins <dharkins@lounge.org> Thu, 28 March 2019 03:21 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8843C1201AC for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 20:21:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KJZeojFreYWe for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 20:21:56 -0700 (PDT)
Received: from www.goatley.com (www.goatley.com [198.137.202.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70677120199 for <cfrg@irtf.org>; Wed, 27 Mar 2019 20:21:56 -0700 (PDT)
Received: from trixy.bergandi.net (cpe-76-93-146-89.san.res.rr.com [76.93.146.89]) by wwwlocal.goatley.com (PMDF V6.8-0 #1001) with ESMTP id <0PP200F5W40JCA@wwwlocal.goatley.com> for cfrg@irtf.org; Wed, 27 Mar 2019 22:21:55 -0500 (CDT)
Received: from dhcp-95c4.meeting.ietf.org ([31.133.149.196]) by trixy.bergandi.net (PMDF V6.7-x01 #1001) with ESMTPSA id <0PP200DEC3ZCR6@trixy.bergandi.net> for cfrg@irtf.org; Wed, 27 Mar 2019 20:21:14 -0700 (PDT)
Received: from dhcp-95c4.meeting.ietf.org ([31.133.149.196] EXTERNAL) (EHLO dhcp-95c4.meeting.ietf.org) with TLS/SSL by trixy.bergandi.net ([10.0.42.18]) (PreciseMail V3.3); Wed, 27 Mar 2019 20:21:14 -0700
Date: Wed, 27 Mar 2019 20:21:52 -0700
From: Dan Harkins <dharkins@lounge.org>
In-reply-to: <1553736624935.91034@cs.auckland.ac.nz>
To: cfrg@irtf.org
Message-id: <1d3ea68e-4a7e-1dbd-9c1f-2337afd59676@lounge.org>
MIME-version: 1.0
Content-type: text/plain; charset=windows-1252; format=flowed
Content-language: en-US
Content-transfer-encoding: 8BIT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
X-PMAS-SPF: SPF check skipped for authenticated session (recv=trixy.bergandi.net, send-ip=31.133.149.196)
X-PMAS-External-Auth: dhcp-95c4.meeting.ietf.org [31.133.149.196] (EHLO dhcp-95c4.meeting.ietf.org)
References: <1d8de489fc976b63a911573300a431d4.squirrel@www.amsl.com> <alpine.LRH.2.21.1903081227200.30421@bofh.nohats.ca> <CAHOTMVLtjVxZNy3bFRn09xH+cOw+tPi2CL3BkaQuJEqxAzGOJg@mail.gmail.com> <edca701b-21f3-c80c-d754-fc333f1e2e04@cs.tcd.ie> <20190310182935.GE8182@kduck.mit.edu> <B876B124-7EDE-4E20-A878-3AAD3FA074BC@krovetz.net> <20190310191026.GF8182@kduck.mit.edu> <CAHOTMVJcosEgYV9caWapgyzQfh-g4k5DQry5n42bEfrkJvmdWQ@mail.gmail.com> <042b3f13-7d5a-12d7-e604-9f8cad197608@cs.tcd.ie> <CANeU+ZCmiTKfE1_YgjM6GX9ZCw_35mZoT8M-6VL72UhbenT2og@mail.gmail.com> <CAHOTMVJ2StG-wv6FRMescF=0PiZ4ei-MA0H+EV3QNiCb8yGFCQ@mail.gmail.com> <4831964a-19de-2c33-bd6d-de33a2c63276@lounge.org> <CAHOTMV+33wipA5gtF16bHSZNs_edFiyZuDVj+kv28FRXcUJw3A@mail.gmail.com> <c4eeb0fe-c6e6-47f4-6569-376a53a06a53@web.de> <1553736624935.91034@cs.auckland.ac.nz>
X-PMAS-Software: PreciseMail V3.3 [190327] (trixy.bergandi.net)
X-PMAS-Allowed: system rule (rule allow header:X-PMAS-External noexists)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/SM9qroJ7DlNDJ5n_DAxAPjQxJpE>
Subject: Re: [Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 03:21:59 -0000

On 3/27/19 6:30 PM, Peter Gutmann wrote:
> Björn Haase <bjoern.m.haase@web.de> writes:
>
>> Were the points I mentioned above regarding problems with dragonfly
>> considered beforehand on this list? I would believe that these points are so
>> obvious that getting consensus on these aspects among implemention-oriented
>> cryptographers would be easy to establish.
> There's also the recent "Here be Dragons: A Security Analysis of WPA3’s SAE
> Handshake", with the telling comment:
>
>    We consider it very concerning that a modern security protocol is vulnerable
>    to our presented attacks. Equally troublesome is that some of our attacks
>    could have been prevented, if the designers incorporated all criticisms that
>    the Dragonfly handshake received while it was being standardized.
>
> The problem with Dragonfly was that it was published via the IRTF rather than
> the standard manner of publishing at an academic conference, doing an end-run
> around the academic peer-review process, and that many of the issues pointed
> out were simply ignored, with the consequences being as per the above comment.

   WPA3'S SAE handshake was standardized in 2007-2008. When was the 
dragonfly draft
presented to the IRTF? Hmmm? 2013, that's when. That paper has some very 
good
criticisms of SAE but none of them were brought up in 2007-8 or even 
2013-15.

   So explain to me exactly which criticisms were received in 2007-8 
that were not
addressed?

   I'll wait.... For your list or a retraction of your busted narrative.

   Dan.