[Cfrg] Fwd: New Version Notification for draft-krawczyk-cfrg-opaque-03.txt
Hugo Krawczyk <hugokraw@gmail.com> Tue, 22 October 2019 00:16 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/h-I46QotHWAVma80LS9O0-dLEDc>
I posted a revised version of the OPAQUE internet draft.

The only significant change is that forward secrecy is now a requirement for the key exchange protocol underlying OPAQUE which means that three messages are necessary (and sufficient) for OPAQUE.

As I said in my previous email regarding the new version of the OPAQUE paper, this does not change anything in ways to integrate OPAQUE with TLS 1.3 or IKEv2. In particular, no change to the analysis and conclusions of such integration as presented by CFRG teams is needed.

I also added an encryption-less option for EnvU. The motivation for this is to provide an option that reduces server storage and communication in cases this may be significant. It also dispenses with the need to assume equivocable authenticated encryption, reducing the "idealized assumptions" in the protocol analysis. On the other hand, encryption helps with transmitting complex-to-generate private keys (e.g., RSA) and to support applications where the user may want to use the envelope for retrieving additional secrets.

Hugo

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Sat, Oct 19, 2019 at 6:13 PM
Subject: New Version Notification for draft-krawczyk-cfrg-opaque-03.txt
To: Hugo Krawczyk <hugokraw@gmail.com>

A new version of I-D, draft-krawczyk-cfrg-opaque-03.txt has been successfully submitted by Hugo Krawczyk and posted to the IETF repository.

Name: draft-krawczyk-cfrg-opaque
Revision: 03
Title: The OPAQUE Asymmetric PAKE Protocol
Document date: 2019-10-21
Group: Individual Submission
Pages: 22
URL: https://www.ietf.org/internet-drafts/draft-krawczyk-cfrg-opaque-03.txt
Status: https://datatracker.ietf.org/doc/draft-krawczyk-cfrg-opaque/
Htmlized: https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-03
Htmlized: https://datatracker.ietf.org/doc/html/draft-krawczyk-cfrg-opaque
Diff: https://www.ietf.org/rfcdiff?url2=draft-krawczyk-cfrg-opaque-03

Abstract:

This draft describes the OPAQUE protocol, a secure asymmetric password authenticated key exchange (aPAKE) that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise. Prior aPAKE protocols did not use salt and if they did, the salt was transmitted in the clear from server to user allowing for the building of targeted pre-computed dictionaries. OPAQUE security has been proven by Jarecki et al. (Eurocrypt 2018) in a strong and universally composable formal model of aPAKE security. In addition, the protocol provides forward secrecy and the ability to hide the password from the server even during password registration. Strong security, versatility through modularity, good performance, and an array of additional features make OPAQUE a natural candidate for practical use and for adoption as a standard. To this end, this draft presents several optimized instantiations of OPAQUE and ways of integrating OPAQUE with TLS.

This draft presents a high-level description of OPAQUE highlighting its components and modular design. A detailed unambiguous specification for standardization will be presented in future revisions of this document, or separately.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat