Re: [Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

Tony Arcieri <> Wed, 27 March 2019 16:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 837EE120285 for <>; Wed, 27 Mar 2019 09:38:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vEaavgbDUjQv for <>; Wed, 27 Mar 2019 09:38:02 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5B2891202FC for <>; Wed, 27 Mar 2019 09:38:01 -0700 (PDT)
Received: by with SMTP id f10so15497245otb.6 for <>; Wed, 27 Mar 2019 09:38:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3dEDGDxNLYXu3HcryqPS/UkIAJVtP45PZyhrm7WTipY=; b=j6RpI85igHIuAKAowfvA0wJB0I6nEMlRBJpNlWX/mnyC6NBcLOvjpwc2H2GRCmKIkD osvpGrDLoRUpw7jPcJ+1d4cukWMvLi9+b2VS/OoTAkrGEWbnz1Z/ZDBAyel4qdR4jIDW KsYc1DQV2pWd/buLNS5CHKn/uT7NXWeru7pNpPy3c6zJfJqiCQik0UcUzfCAQ5rdPg2U w6WyPGGTWlzNEx2Y60FpL3L5HuFb+JKyHwuelZZjXYH6yP3j+VXu2ngikw2TN407yK/A q8k6//Tn4d2uyWgHOWWRtHDW+hGSPWSS0nPCPxBw6wlZ27dJKfUjMX8nqOvnaK8r82ph RRsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3dEDGDxNLYXu3HcryqPS/UkIAJVtP45PZyhrm7WTipY=; b=NXw/prvy2BSgOpQSojOU2KBLdeTZrHV5T6v1E6Wsuan0WuLoCSG1s31nQtxILhYZYP KC5XzgqONhovh55jCz7xwU+TBi67teg1JOL7rLBZfeLHfEl9vyHyeu0YLDx+kcgXiQTM F5UHipXjE6vzQyyVlgYgEGNqFTRMtFADqITJDTZExinVamG31e5sKuRZa5jopnH9TAKP rKGEIFhh4LdqXF5v8b+zhdT4x4cN3whHgdo3ltMxWLfw+DSyOuCevQmj+yUgRMRwd+U3 qmlmU1exDQXFdfNYYO5g4yX9dNrYLcFhCCVUB62BHLr836leBAnN4QrZ03Gedz5X1JMI fPpQ==
X-Gm-Message-State: APjAAAWIP7/XJXSdczbmF8ojMidrMyg6Vdc3lDv2a5mfkKQWzKnZonhg Wfzn3VcSKggusPqL6uekc60cPjoIhIIPYvK3ZnMkig==
X-Google-Smtp-Source: APXvYqxXrBgUfQNlqaSvFGfV6NcUtBDrvK/pkl8WA92Eem3iWTk8jGH9wJo33gfmDb4Mj+K+NPX5C5UITxzTNUO6Wyo=
X-Received: by 2002:a9d:1b2b:: with SMTP id l40mr7304852otl.365.1553704679169; Wed, 27 Mar 2019 09:37:59 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Tony Arcieri <>
Date: Wed, 27 Mar 2019 09:37:48 -0700
Message-ID: <>
To: Dan Harkins <>
Cc: CFRG <>
Content-Type: multipart/alternative; boundary="0000000000007ce35b0585160f47"
Archived-At: <>
Subject: Re: [Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Mar 2019 16:38:05 -0000

There is, if nothing else, some confusion around the IETF's relationship to
Dragonfly, both within the WiFi Alliance and by tech journalists. Some

Also note individual submission:
> EMU and
> Security Area review incorporated, IETF Last Call pending.. Related draft
> (will be RFC 7664), see
> .

WPA3 Personal authentication is a process called a simultaneous
> authentication of equals (SAE), which comes from the *IETF Dragonfly*
> <> key exchange. Robinson says that
> with SAE, the authentication requires interaction, and only after
> authentication will the keys be generated. This makes attacks that depend
> on cloud-based server farms and automated key attempts unavailable to
> attackers.

"SAE uses a Dragonfly handshake defined in the Internet Engineering Task
> Force (IETF) RFC 7664 specification and applies it to a WiFi network for
> password-based authentication," Robinson explained. "The Wi-Fi Alliance
> WPA3 specification defines additional requirements for devices operating in
> SAE modes."

>From what I've observed, the IETF's name seems to end up attached to
Dragonfly quite a bit. Curiously in these quotes, the CFRG and IRTF aren't
mentioned at all. Perhaps this speaks to a more general problem around
public perception of RGs and informational RFCs (or lack thereof), but when
I read quotes like this, they sound to me like many people's perception is
that Dragonfly is a standards-track IETF RFC.

Issues like educating the tech press and trade associations on the
difference between the IETF and IRTF and the difference between
standards-track and informational RFCs aside, I think the main thing the
IETF could do address these concerns is actually create a WG dedicated to
producing a standards-track PAKE for similar use cases. PAKEs are certainly
a hot topic these days, both on the CFRG (see OPAQUE thread this morning)
and in cryptography in general.

Tony Arcieri