Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG document

Paul Lambert <> Tue, 06 January 2015 18:30 UTC

From: Paul Lambert <>
To: Alexey Melnikov <>, "" <>
Date: Tue, 6 Jan 2015 10:30:48 -0800

This message starts a 3-week adoption call for draft-ladd-spake2. Please reply to this message or directly to CFRG chairs, stating one of the following:

1) that you are happy to adopt the draft as a starting point
Starting point for what?  A definition of SPAKE2, or can we step back briefly and discuss requirements?
A PAKE is a building block … but not one with attributes that I’d recommend except for some very narrow use cases.

2) that you are not happy to adopt this draft
It might be a starting point for a PAKE, but is incomplete.  So, no.  However, it is worth discussing and improving if the goal is to provide a stable reference for SPAKE2.

3) that you think the document needs more work before the RG should consider adopting it
Yes. It’s missing:
 - M and N definitions
 - Use of names and addresses in the calculation needs some work or rethink … again, what are requirements and what are we authenticating.
 - test vectors and wire formats
 - would be better if made into a more symmetric protocol and had a state machine definition

While detailed document reviews are generally welcome, this is not a call to provide detailed comments on the document.
SPAKE2 has been used in industry.  Is the goal to document current practice?  That would lead to one set of comments.

Are we working to define a generally useful security protocol exchange with specific properties? That would be a different set of comments and perhaps more useful for long term impact.  I’d rather see energy spent on this topic than perpetuate PAKE based solutions, but this need not be mutually exclusive to defining SPAKE2.


On behalf of CFRG chairs.