Re: [Cfrg] PAKEs in general (was; Re: draft-irtf-cfrg-dragonfly document status)

"Dan Harkins" <dharkins@lounge.org> Thu, 09 October 2014 22:42 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/U1LpG4jcUm-_KMiS2-b2HhllRKY


On Thu, October 9, 2014 1:53 pm, Yoav Nir wrote:
>
> On Oct 9, 2014, at 7:55 PM, Paul Lambert <paul@marvell.com> wrote:
>
>>>
>>> I'll just note that there were also voices (incl. mine) saying:
>>> "I really don't care about work on PAKEs. Seems like a waste of
>>> time to me. But go ahead and spend time on that if you wish."
>>
>> +1 mostly.
>>
>> Shared passwords are architecturally problematic.  There are
>> more useable ways to authenticate.
>
> I wish I had a dollar for every time someone said that in the last 20
> years…

  Me too.

  If I got a dollar every time authentication on the Internet involved
a password and I had to pay a dollar every time authentication on
the Internet did not, I would be a billionaire many times over.

>> The 'mostly' is that the Dragonfly draft should be published
>> so it can be used a little better in a couple of specific
>> environments where it is already being wired into systems.
>> Specifically, IEEE 802.11 has the SAE protocol which uses
>> the Dragonfly exchange for mesh networks.
>
> That’s the part I don’t understand. Since the first revision of this
> document, the group made some suggestions for improvement that have been
> incorporated into the draft.
>
> We also have Dan’s message ([1]) describing differences between the 802.11
> version and this draft, including attacks that work on earlier versions of
> this draft that don’t work on the 802.11 version.

  I think you misunderstood my email. This draft was supposed to be a
generic specification for the key exchange underlying an authentication
method in several other protocols. So the point of my mail was to explain
that the attacks mentioned on this list-- the small subgroup attack and
the reflection attack-- are not new, they were known and addressed in the
other specifications, but in my haste to get the I-D out (if you look at the
Acknowledgements section you'll see that it's actually the xml2rfc
boilerplate, it was that sloppy) I did not address them in the generic
protocol description.

  After these omissions were pointed out the appropriate checks were
added to subsequent versions of this draft.

> Given all that, I don’t think this is a document that describes existing
> practice, in the same vein as an SSLv3 document or a PKCS#12 document.
> This is a document describing an entirely new PAKE, so it should be judged
> as such.

  Actually, it is now closer to existing practice. It is a generic description
of which there are other specific instantiations. There were no
comment resolutions that changed the underlying protocol and to say
it is an "entirely new PAKE" is just wrong.

  regards,

  Dan.

> Yoav
> [1] http://www.ietf.org/mail-archive/web/cfrg/current/msg05210.html