[Cfrg] CPACE: what the "session id" is for?

Loup Vaillant-David <loup@loup-vaillant.fr> Fri, 19 June 2020 16:33 UTC

Return-Path: <loup@loup-vaillant.fr>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 87B8A3A0C6F for <cfrg@ietfa.amsl.com>; Fri, 19 Jun 2020 09:33:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id gy9XTypOVd9U for <cfrg@ietfa.amsl.com>; Fri, 19 Jun 2020 09:33:22 -0700 (PDT)
Received: from smtp.loup-vaillant.fr (smtp.loup-vaillant.fr []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BBBE3A0B68 for <cfrg@irtf.org>; Fri, 19 Jun 2020 09:33:21 -0700 (PDT)
Received: from grey-fade (lns-bzn-60-82-254-246-40.adsl.proxad.net []) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: loup) by smtp.loup-vaillant.fr (Postfix) with ESMTPSA id C1375165F for <cfrg@irtf.org>; Fri, 19 Jun 2020 18:23:11 +0200 (CEST)
Message-ID: <326ebefc65c17f7fc11879b9b966a1e4585b1f16.camel@loup-vaillant.fr>
From: Loup Vaillant-David <loup@loup-vaillant.fr>
To: cfrg@irtf.org
Date: Fri, 19 Jun 2020 18:33:19 +0200
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/e0HI3gvOdPfM8VEXE1tcxSjy1GY>
Subject: [Cfrg] CPACE: what the "session id" is for?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2020 16:33:24 -0000

>From the latest draft:


""" Let sid be a session id byte string chosen for each protocol
""" session before protocol execution; The length len(sid) SHOULD be
""" larger or equal to 16 bytes.

""" It is RECOMMENDED sid, is generated by sampling ephemeral random
""" strings.

Unlike ZPAD, The draft doesn't explain this recommendation.
What problem may occur if we omit sid altogether?

Even if G ends up being reused across several sessions, I don't believe
there's any way to tell, because Ya and Yb are uniformly distributed if
ya and yb are indeed random. I feel like I'm missing something.