[CFRG] Next actions for I-D: draft-irtf-cfrg-cpace-03 // We would appreciate your feedback !
Björn Haase <bjoern.haase@endress.com> Fri, 03 December 2021 13:43 UTC
Return-Path: <bjoern.haase@endress.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 353CB3A09A8 for <cfrg@ietfa.amsl.com>; Fri, 3 Dec 2021 05:43:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=endress.com header.b=hb28O5aZ; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=endress.com header.b=cQx0ftms
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IaPZDAcyk_Zd for <cfrg@ietfa.amsl.com>; Fri, 3 Dec 2021 05:43:22 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on060c.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::60c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9CC13A09A4 for <cfrg@ietf.org>; Fri, 3 Dec 2021 05:43:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=endress.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sqls/C2O5U7Q/IBLSUGx5C79q4C4fD7p0WspKELPVTc=; b=hb28O5aZ3a8kEBVKq+7xMIWYrbw1bGJwYjrA2TuNznCdUUk/96f2UBIFukgJcAedWEZHu/i8gniZNe8NXBLFxXErSAILrIIYhIGbLAJGpS+iR/zppXn+X5dOCpWD6q8UMKyPnbSYlXCTFXWzq1fF2P8n5KNNY8P3PcT6bDLuyME=
Received: from AS9PR04CA0073.eurprd04.prod.outlook.com (2603:10a6:20b:48b::27) by VI1PR05MB4222.eurprd05.prod.outlook.com (2603:10a6:803:40::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.28; Fri, 3 Dec 2021 13:43:11 +0000
Received: from VE1EUR03FT005.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:48b:cafe::28) by AS9PR04CA0073.outlook.office365.com (2603:10a6:20b:48b::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.11 via Frontend Transport; Fri, 3 Dec 2021 13:43:12 +0000
X-MS-Exchange-Authentication-Results: spf=temperror (sender IP is 40.68.44.165) smtp.mailfrom=endress.com; dkim=fail (body hash did not verify) header.d=endress.com;dmarc=temperror action=none header.from=endress.com;
Received-SPF: TempError (protection.outlook.com: error in processing during lookup of endress.com: DNS Timeout)
Received: from iqsuite.endress.com (40.68.44.165) by VE1EUR03FT005.mail.protection.outlook.com (10.152.18.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4755.13 via Frontend Transport; Fri, 3 Dec 2021 13:43:10 +0000
Received: from mail pickup service by iqsuite.endress.com with Microsoft SMTPSVC; Fri, 3 Dec 2021 14:43:09 +0100
Received: from EUR04-HE1-obe.outbound.protection.outlook.com ([104.47.13.57]) by iqsuite.endress.com over TLS secured channel with Microsoft SMTPSVC(8.5.9600.16384); Fri, 3 Dec 2021 14:43:08 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q8+YJoAbd9rMqv1Uyxx0JJEV8p9Cwk0csYdVrskAsCYTqYImS1FcU4LSE0WtHGBcbFSxCjyX8A5NAO40+0WV8C1Sl0VlKczbgG98rYEraV1LwkdT7f9/HYt7tLL/VRhiBx8s4HK4deLfszJwMG0r8NJ+4Yz6McB0lxbs7nWDQXvVGngFpwV0QhcML9X4HnEUgF/xBjcUGbBaRLrs16SwjWi9lfT1L3g5lKnNByz8BGTASnNOi2rEHUTOyE0na6L4FxDdhqzzf3FckoGP3GdhUYVVTAsseklTofIc7SJbrgunf6eo+ITNPfS/6ah4djEztWkeX+A/X5dEhUx5O/ANLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b1sV+wtkcBbD+eVMdCwpITlZOVQ5zmTYQK/2Z20sWFQ=; b=ZiWtlHk6YvtD/I/O1wJ31NgpWpVX64DBPG6iqtl61LXqHnuBQ7l6lazNis+kKBGM2ciibVnv2YpLumucOm63Je5rgj9HsJoi9GyC86RHRcE773VpC3QqzUJV6/+RlPPC5dn201OVcWTawboAwrXA+CDvfAA0GYcLnX5gVqR3wltOH2AqwoFCIkfOh/Zxqe6ODeQc2D3Y/UN/womdlTnGlnYtPzo7pJTnR5XRR2NGntZilu6bgNQmAbE1IEXBu6X7rSEoeZB27uLQjGK00CA62Cvw77U7NrZVvg+Q+uH+vnKjFbfLpp58CAKOkK2KibPlw1emgJZ+7tn2k/1wm+ctvg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=endress.com; dmarc=pass action=none header.from=endress.com; dkim=pass header.d=endress.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=endress.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b1sV+wtkcBbD+eVMdCwpITlZOVQ5zmTYQK/2Z20sWFQ=; b=cQx0ftmsf8cMrTzZ90CSz/GiJV+aSYRZ8r8mEYXYbFFek+Qf5NmopIlk4aBZ5vkzEMQAy5XRGhACmXVZjWGZIMrF6SAri6Z0fsGM6BcbWu5UzsFfmi0QTqyxxvZu61OYZu4eeLChpbroVDuNdI+ezZPUpfkXbNe+HccvFRm02O0=
Received: from VE1PR05MB7533.eurprd05.prod.outlook.com (2603:10a6:800:1ad::16) by VI1PR05MB4271.eurprd05.prod.outlook.com (2603:10a6:803:4c::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.23; Fri, 3 Dec 2021 13:43:06 +0000
Received: from VE1PR05MB7533.eurprd05.prod.outlook.com ([fe80::4dd:f69e:5edf:c7c3]) by VE1PR05MB7533.eurprd05.prod.outlook.com ([fe80::4dd:f69e:5edf:c7c3%4]) with mapi id 15.20.4734.028; Fri, 3 Dec 2021 13:43:05 +0000
From: Björn Haase <bjoern.haase@endress.com>
To: "cfrg@ietf.org" <cfrg@ietf.org>
Thread-Topic: Next actions for I-D: draft-irtf-cfrg-cpace-03 // We would appreciate your feedback !
Thread-Index: AdfoS4UPkZ004U0OSHG6jezo9y+70A==
Date: Fri, 03 Dec 2021 13:43:05 +0000
Message-ID: <VE1PR05MB753305F046FCAE2979025A7F836A9@VE1PR05MB7533.eurprd05.prod.outlook.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=endress.com;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: d27f9766-c4f8-43e2-66c1-08d9b662d876
x-ms-traffictypediagnostic: VI1PR05MB4271:|VI1PR05MB4222:
X-Microsoft-Antispam-PRVS: <VI1PR05MB4222F7D706BDA23B363174E8836A9@VI1PR05MB4222.eurprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: MOEeBqD9n8ypEksfMEdqPJrHpiAqEn7AhZLcKvPkvaBYwmQCOQs23b3CUlpWXpuC+xbAOh1L8H2KEX6kcJ30SxY/4sXA4F+BCpf+aNiH3pTDX/LojwTnKUDec3Cij1sZx4pcLv9brqq+4JqFLwahLiz232T3YzxuYTC7AnxUncpnkmRLlGPjT4XThrEu9+uWUxatuofTKFLFVyOnLxLgG/o6aWvxMi0ZZtTOGPu3c0cKwDEETZQc4X1LGmSaKpSu1Upk0ELiO033aR45Q7msx+fbddBE/KhsTlWa1wX6i9TM47ZaDG3jUSXtRNmsEma7aVM3MlB9VunybXDsGa8ZPiv+PuWaFqs6ymCtE1Mbpnv1S3kbY3d4nvv5VCFm/mDl5iorv3MO2RIdOiinjuIzmZUO9xOQOj3DlSBR5kAXezWEy3yn2LJ8sfd13llvVZo3v0uOICBm7GFAH0ErtbSdR3/oo+wjaCE+UwVeJNy0gP5TcJvKQV5UErZP05ew2dLf0/TdRK/xnkwheFjmm4CcOXX1Isy207ATEn4CYrtGxp3q8OwbeKdeDZuzbyO3D/EuZVJ0s4fF98Nq5ttwqJVx6inHKV77AQ9Gecb762cwWp4Sf24CeWOgIlVeikzyxfbkDq1JSr99WTrPC92x+d+bNEtM+/r/AjkPrslKnLe/G7EIyUEBu+OsI4Q/v8MLkX0is+U1/8o43G7VjRqf0hbAIjltVA3PqE4AfRKzpYUT+gsOStB6T5081KeGHSKaJG00Ndiz/vm461oMGoGP/WJrcYtYmye1oNUrwPGBq4vyDj0=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VE1PR05MB7533.eurprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(6916009)(8936002)(8676002)(966005)(508600001)(2906002)(52536014)(86362001)(38070700005)(76116006)(66446008)(9686003)(66946007)(64756008)(66556008)(66476007)(38100700002)(55016003)(122000001)(83380400001)(33656002)(71200400001)(26005)(7696005)(6506007)(316002)(186003)(5660300002)(66574015); DIR:OUT; SFP:1101;
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR05MB4271
X-OriginalArrivalTime: 03 Dec 2021 13:43:08.0507 (UTC) FILETIME=[B4D99AB0:01D7E84B]
X-Trailer: 1
X-GBS-PROC: tnzUeMr64NuGbQYXKuOpclPAIA+FzR+wb7qaxGo5b28=
X-GBS-PROCJOB: dbMB9uHl08F6hsgq4YeDC+9WpHOMp3vxW8Udd/rjHPqwm63h0TKbK1h9HGDrauJl
X-GRP-TAN: IQWE01@7A0A0202E8474A759F2A4189FDAC9799
X-iqsuite-process: processed
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT005.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 67738acf-9b4c-413a-3147-08d9b662d5c2
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: BKqNl+9GcMjCTkuWAJynzD+MNeEXxXx9PaENn5rolmEQ/hVT5AmyLK/Llc+8MRbbHo//3dodT+atH7yTmkpVJz00wvFfJ+v07ZE/ylgpNg2ZIV98pUBS3koBuvOd8xLZ+QJx49zdTJf5J5KkM8zUOStBsXKdOZB/ZwHgR8NGfhpcFwV+hdOYA28QU2hDX24C8WhXY6eI3uVtZ8R3B7P0YTS7tRHI46OEjjjB+PdFXTVlCfy8g29iJGIy6qKuVz2z+5LTksQhAOxsGWonU3kA/2v/IrvvVU5lYo+6SLhD6271aXJ2MB5CC0rEOBEmOCbqBX64v/+5OcvV0D/ZFJQvZQLqMgUQk6SkGIVydKE7FalpLp3ing8oML0i/626VN+Jhl7Nix6am8/1MacYq4dOXuGi/IiftoOwB+h/NTzbTnPhZgFPEXfJwqJPYzGHp9eqfP5izp7pri87v9uMliDM7eUNXFRnCnz2ItHzbRYW7WjyIvtxI9Gqv3rH8HpCY6mZ0Hg6Vw1FWdEUYwUFuYrLxk46V24ZrR2s82vk6m6KbO+VS5UFIS/WXb42zfvqtIbyLtUetRCLrrDJshbnJOwuyIUTA5ZOBongoZj82iVo038jVjKT0fwLyqPlM2pMV7b0egRlXuOTNO9zYazGUXacVz2PQWvANpghh3fBJ5BgIb+iBJ1+9V/4DNl2J9XWSkVpyFstifZCZHECMUrqIk7PvZSkB5W+map7SlWvpPCxq7/T6w+DiAuyQ/MCABkAYDtCZlvPFEHKAl6PXFKEIfl5ksdufK5fQCTv5N8qy0p4x+Atgpl0/BKuSf3vr+xE+X1sxGEN9ESdrcQAMFaT/ecLblUgxBuF0XY9UmZA+iy07EJQfATDMcl+r+NiGZ8mYz4jGLpXO5EyQi3LD8KO+uasO9PDTB/qr54bF6r15sgJ/nE=
X-Forefront-Antispam-Report: CIP:40.68.44.165; CTRY:NL; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:iqsuite.endress.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(4636009)(46966006)(36840700001)(40470700001)(15974865002)(8936002)(83380400001)(6506007)(356005)(81166007)(36860700001)(5660300002)(2906002)(40460700001)(52536014)(66574015)(6916009)(26005)(63370400001)(47076005)(316002)(336012)(82310400004)(55016003)(186003)(966005)(86362001)(70206006)(8676002)(7696005)(9686003)(33656002)(508600001)(63350400001)(36900700001); DIR:OUT; SFP:1101;
X-OriginatorOrg: endress.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Dec 2021 13:43:10.3386 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d27f9766-c4f8-43e2-66c1-08d9b662d876
X-MS-Exchange-CrossTenant-Id: 52daf2a9-3b73-4da4-ac6a-3f81adc92b7e
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=52daf2a9-3b73-4da4-ac6a-3f81adc92b7e; Ip=[40.68.44.165]; Helo=[iqsuite.endress.com]
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TreatMessagesAsInternal-VE1EUR03FT005.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR05MB4222
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/aSVPwtpKr3FLZSGh6R8G48O6fo8>
Subject: [CFRG] Next actions for I-D: draft-irtf-cfrg-cpace-03 // We would appreciate your feedback !
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Dec 2021 13:43:27 -0000
Dear CFRG, we would like to start a broader review of the current CPace draft-irtf-cfrg-cpace-03 before Christmas and would welcome any feedback on the draft's current version. We would be happy if we could integrate your opinions and feedback already before the next larger review round as to lower the number of cycles that we will need for getting the draft in a good shape. Best regards, Björn (on behalf of all authors.) P.S.: FYI: The slides and the talk regarding the latest CPace security analysis paper at asiacrypt is now also openly available online https://asiacrypt.iacr.org/2021/program.php. Mit freundlichen Grüßen I Best Regards Dr. Björn Haase Senior Expert Electronics | TGREH Electronics Hardware Endress+Hauser Liquid Analysis Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany Phone: +49 7156 209 377 | Fax: +49 7156 209 221 bjoern.haase@endress.com | www.ehla.endress.com Endress+Hauser Conducta GmbH+Co.KG Amtsgericht Stuttgart HRA 201908 Sitz der Gesellschaft: Gerlingen Persönlich haftende Gesellschafterin: Endress+Hauser Conducta Verwaltungsgesellschaft mbH Sitz der Gesellschaft: Gerlingen Amtsgericht Stuttgart HRA 201929 Geschäftsführer: Dr. Manfred Jagiella Gemäss Datenschutzgrundverordnung sind wir verpflichtet, Sie zu informieren, wenn wir personenbezogene Daten von Ihnen erheben. Dieser Informationspflicht kommen wir mit folgendem Datenschutzhinweis (https://www.endress.com/de/cookies-endress+hauser-website) nach. Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer. This e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer unless explicitly and conspicuously designated or stated as such. -----Ursprüngliche Nachricht----- Von: CFRG <cfrg-bounces@irtf.org> Im Auftrag von Julia Hesse Gesendet: Dienstag, 16. November 2021 09:00 An: cfrg@irtf.org Betreff: Re: [CFRG] I-D Action: draft-irtf-cfrg-cpace-03.txt Dear CFRG, the cpace draft did undergo some major restructuring lately, and we incorporated the latest findings from the security analyses in [1],[2]. We would appreciate a review by CFRG at this point. In particular, we were asking ourselves the following questions: - Is the “object” notation for hash function and group environment clear? - Should we explicitly consider both initiator/responder + parallel version or only focus on one setting for conciseness? - What is the best way for prepending field lengths to octet strings? (Current suggestion: UTF8) - Overall length: is it too long? Any suggestions for shortening? Best, Julia (on behalf of all authors)