Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf

David Wong <davidwong.crypto@gmail.com> Mon, 27 May 2019 23:15 UTC

From: David Wong <davidwong.crypto@gmail.com>
Message-Id: <B66B1F99-91B9-4234-811A-9A743D2DC89C@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0C3C65E7-4D47-4BF3-812E-6AD52BEB21C8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Mon, 27 May 2019 16:15:19 -0700
In-Reply-To: <CADi0yUPt8DFG9N+8CxznMcO7JZ78nsCdUTUr+eq6jmrB+Hp2Bw@mail.gmail.com>
Cc: Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org>, CFRG <cfrg@irtf.org>, "draft-sullivan-cfrg-voprf.authors@ietf.org" <draft-sullivan-cfrg-voprf.authors@ietf.org>
To: Hugo Krawczyk <hugo@ee.technion.ac.il>
References: <54235333-9FEA-4543-93B6-2D4B1C8FCC2D@inf.ethz.ch> <0a67411b-9a2d-9e08-ca06-08ea938c0c89@gmail.com> <B62E70D5-9BAE-4332-8CE4-4AB0E3B229C8@inf.ethz.ch> <553170C6-11B3-4287-A033-9C051401F4C1@cloudflare.com> <0E69ED80-2479-4048-BF18-8E1F16EF57CA@gmail.com> <CADi0yUPt8DFG9N+8CxznMcO7JZ78nsCdUTUr+eq6jmrB+Hp2Bw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/fpgBCMlgTFU-LiQgWZehVhOFum4>


> On May 20, 2019, at 1:54 PM, Hugo Krawczyk <hugo@ee.technion.ac.il> wrote:
> 
> Hi David, to use a V-OPRF the client needs to store the public key Y=kG corresponding to the server's OPRF key k. In the OPAQUE setting we do not assume that the user carries any public key with her. The only information the user carries is the password (and account information where to login). This makes OPAQUE immune to PKI failures. 
> 
> Hugo

Hey Hugo,

thank you for providing an answer to my question! Why are we assuming that the user does not carry the server’s public key? For some mobile client code, the application should be able to pin the server’s public key. For web, I’m not sure how this can be done besides using a PKI indeed.

Also, what are the consequences of not being able to verify the server’s operation? Intuitively it sounds like the server can target users and force them to use a weak key.

David
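Added example, not code from the draft or from either poster: a toy verifiable-OPRF round in a Schnorr group (multiplicative notation, Y = g^k rather than the draft's Y = kG) showing the point Hugo makes. The client pins Y and checks a Chaum-Pedersen DLEQ proof on every evaluation, so a server that evaluates a particular user under a different key is rejected instead of silently producing a different output; the group parameters and inputs are constructed for illustration and are far too small to be secure.

```python
import hashlib, secrets

# Toy Schnorr group, constructed for illustration only (far too small to be secure).
P = 1019   # safe prime, P = 2*Q + 1
Q = 509    # prime order of the subgroup of quadratic residues mod P
G = 4      # generator of that order-Q subgroup

def hash_to_group(x: bytes) -> int:
    ctr = 0
    while True:
        h = int.from_bytes(hashlib.sha256(x + bytes([ctr])).digest(), "big") % P
        e = pow(h, 2, P)                    # squaring lands in the order-Q subgroup
        if e not in (0, 1):                 # reject the two degenerate values and retry
            return e
        ctr += 1

def challenge(*elems: int) -> int:
    data = b"|".join(str(e).encode() for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def server_keygen():
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)                  # private key k, public key Y = G^k

def client_blind(x: bytes):
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(x), r, P)   # blinding factor r, blinded element M = H(x)^r

def server_evaluate(k: int, M: int):
    """Return Z = M^k plus a Chaum-Pedersen DLEQ proof that log_G(G^k) == log_M(Z)."""
    Z = pow(M, k, P)
    t = secrets.randbelow(Q - 1) + 1
    c = challenge(G, pow(G, k, P), M, Z, pow(G, t, P), pow(M, t, P))
    return Z, (c, (t - c * k) % Q)

def client_finalize(x: bytes, r: int, M: int, Z: int, proof, Y: int):
    """Verify the proof against the pinned key Y, then unblind; None means 'reject'."""
    c, s = proof
    A = pow(G, s, P) * pow(Y, c, P) % P     # equals G^t only if Z used the k behind Y
    B = pow(M, s, P) * pow(Z, c, P) % P
    if challenge(G, Y, M, Z, A, B) != c:
        return None
    N = pow(Z, pow(r, -1, Q), P)            # Z^(1/r) = H(x)^k, independent of r
    return hashlib.sha256(x + N.to_bytes(2, "big")).hexdigest()

def run(k_server: int, Y_pinned: int, x: bytes = b"hunter2"):
    r, M = client_blind(x)
    Z, proof = server_evaluate(k_server, M)
    return client_finalize(x, r, M, Z, proof, Y_pinned)
```

Without a pinned Y there is nothing for the client to check the proof against, which is exactly the per-user key substitution David asks about.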