Re: [Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

Tony Arcieri <bascule@gmail.com> Wed, 27 March 2019 16:38 UTC

Return-Path: <bascule@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 837EE120285 for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 09:38:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vEaavgbDUjQv for <cfrg@ietfa.amsl.com>; Wed, 27 Mar 2019 09:38:02 -0700 (PDT)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B2891202FC for <cfrg@irtf.org>; Wed, 27 Mar 2019 09:38:01 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id f10so15497245otb.6 for <cfrg@irtf.org>; Wed, 27 Mar 2019 09:38:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3dEDGDxNLYXu3HcryqPS/UkIAJVtP45PZyhrm7WTipY=; b=j6RpI85igHIuAKAowfvA0wJB0I6nEMlRBJpNlWX/mnyC6NBcLOvjpwc2H2GRCmKIkD osvpGrDLoRUpw7jPcJ+1d4cukWMvLi9+b2VS/OoTAkrGEWbnz1Z/ZDBAyel4qdR4jIDW KsYc1DQV2pWd/buLNS5CHKn/uT7NXWeru7pNpPy3c6zJfJqiCQik0UcUzfCAQ5rdPg2U w6WyPGGTWlzNEx2Y60FpL3L5HuFb+JKyHwuelZZjXYH6yP3j+VXu2ngikw2TN407yK/A q8k6//Tn4d2uyWgHOWWRtHDW+hGSPWSS0nPCPxBw6wlZ27dJKfUjMX8nqOvnaK8r82ph RRsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3dEDGDxNLYXu3HcryqPS/UkIAJVtP45PZyhrm7WTipY=; b=NXw/prvy2BSgOpQSojOU2KBLdeTZrHV5T6v1E6Wsuan0WuLoCSG1s31nQtxILhYZYP KC5XzgqONhovh55jCz7xwU+TBi67teg1JOL7rLBZfeLHfEl9vyHyeu0YLDx+kcgXiQTM F5UHipXjE6vzQyyVlgYgEGNqFTRMtFADqITJDTZExinVamG31e5sKuRZa5jopnH9TAKP rKGEIFhh4LdqXF5v8b+zhdT4x4cN3whHgdo3ltMxWLfw+DSyOuCevQmj+yUgRMRwd+U3 qmlmU1exDQXFdfNYYO5g4yX9dNrYLcFhCCVUB62BHLr836leBAnN4QrZ03Gedz5X1JMI fPpQ==
X-Gm-Message-State: APjAAAWIP7/XJXSdczbmF8ojMidrMyg6Vdc3lDv2a5mfkKQWzKnZonhg Wfzn3VcSKggusPqL6uekc60cPjoIhIIPYvK3ZnMkig==
X-Google-Smtp-Source: APXvYqxXrBgUfQNlqaSvFGfV6NcUtBDrvK/pkl8WA92Eem3iWTk8jGH9wJo33gfmDb4Mj+K+NPX5C5UITxzTNUO6Wyo=
X-Received: by 2002:a9d:1b2b:: with SMTP id l40mr7304852otl.365.1553704679169; Wed, 27 Mar 2019 09:37:59 -0700 (PDT)
MIME-Version: 1.0
References: <1d8de489fc976b63a911573300a431d4.squirrel@www.amsl.com> <alpine.LRH.2.21.1903081227200.30421@bofh.nohats.ca> <CAHOTMVLtjVxZNy3bFRn09xH+cOw+tPi2CL3BkaQuJEqxAzGOJg@mail.gmail.com> <edca701b-21f3-c80c-d754-fc333f1e2e04@cs.tcd.ie> <20190310182935.GE8182@kduck.mit.edu> <B876B124-7EDE-4E20-A878-3AAD3FA074BC@krovetz.net> <20190310191026.GF8182@kduck.mit.edu> <CAHOTMVJcosEgYV9caWapgyzQfh-g4k5DQry5n42bEfrkJvmdWQ@mail.gmail.com> <042b3f13-7d5a-12d7-e604-9f8cad197608@cs.tcd.ie> <CANeU+ZCmiTKfE1_YgjM6GX9ZCw_35mZoT8M-6VL72UhbenT2og@mail.gmail.com> <CAHOTMVJ2StG-wv6FRMescF=0PiZ4ei-MA0H+EV3QNiCb8yGFCQ@mail.gmail.com> <4831964a-19de-2c33-bd6d-de33a2c63276@lounge.org>
In-Reply-To: <4831964a-19de-2c33-bd6d-de33a2c63276@lounge.org>
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 27 Mar 2019 09:37:48 -0700
Message-ID: <CAHOTMV+33wipA5gtF16bHSZNs_edFiyZuDVj+kv28FRXcUJw3A@mail.gmail.com>
To: Dan Harkins <dharkins@lounge.org>
Cc: CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="0000000000007ce35b0585160f47"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/UGJfz6d5a7LMZRedUGLbPmuXZx8>
Subject: Re: [Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 16:38:05 -0000

There is, if nothing else, some confusion around the IETF's relationship to
Dragonfly, both within the WiFi Alliance and by tech journalists. Some
examples:

https://mailarchive.ietf.org/arch/msg/cfrg/lNFkQxnCQpi7dEX6cNI0ewZAuGw

Also note individual submission:
> https://tools.ietf.org/html/draft-harkins-salted-eap-pwd-02 EMU and
> Security Area review incorporated, IETF Last Call pending.. Related draft
> (will be RFC 7664), see
> https://datatracker.ietf.org/doc/draft-irtf-cfrg-dragonfly/ .


https://www.darkreading.com/operations/wpa3-brings-new-authentication-and-encryption-to-wi-fi/d/d-id/1332145

WPA3 Personal authentication is a process called a simultaneous
> authentication of equals (SAE), which comes from the *IETF Dragonfly*
> <https://tools.ietf.org/html/rfc7664> key exchange. Robinson says that
> with SAE, the authentication requires interaction, and only after
> authentication will the keys be generated. This makes attacks that depend
> on cloud-based server farms and automated key attempts unavailable to
> attackers.


https://www.eweek.com/security/next-generation-wpa3-wifi-security-standard-launches

"SAE uses a Dragonfly handshake defined in the Internet Engineering Task
> Force (IETF) RFC 7664 specification and applies it to a WiFi network for
> password-based authentication," Robinson explained. "The Wi-Fi Alliance
> WPA3 specification defines additional requirements for devices operating in
> SAE modes."


>From what I've observed, the IETF's name seems to end up attached to
Dragonfly quite a bit. Curiously in these quotes, the CFRG and IRTF aren't
mentioned at all. Perhaps this speaks to a more general problem around
public perception of RGs and informational RFCs (or lack thereof), but when
I read quotes like this, they sound to me like many people's perception is
that Dragonfly is a standards-track IETF RFC.

Issues like educating the tech press and trade associations on the
difference between the IETF and IRTF and the difference between
standards-track and informational RFCs aside, I think the main thing the
IETF could do address these concerns is actually create a WG dedicated to
producing a standards-track PAKE for similar use cases. PAKEs are certainly
a hot topic these days, both on the CFRG (see OPAQUE thread this morning)
and in cryptography in general.

-- 
Tony Arcieri