IETF Logo Mail Archive

Re: [Cfrg] How to circumvent the obstacles for PAKE integration into TLS // slides.

"Owen Friel (ofriel)" <ofriel@cisco.com> Tue, 23 July 2019 15:29 UTC

Return-Path: <ofriel@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A80831203E1 for <cfrg@ietfa.amsl.com>; Tue, 23 Jul 2019 08:29:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=doywmP7k; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=lvLl1cFt
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Oq5pR6b1PWs for <cfrg@ietfa.amsl.com>; Tue, 23 Jul 2019 08:29:00 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 950601203DA for <cfrg@irtf.org>; Tue, 23 Jul 2019 08:28:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6192; q=dns/txt; s=iport; t=1563895739; x=1565105339; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=e+F9vB39sSfrfVpOZr7/EVo59bfoTGIyuIb8zHL0FWE=; b=doywmP7knG/bliagPC7EvO7u5gT1WQgcWctELHcmuC1pYKaqO9dyOAo1 WYfmDP0rjrw+jLatjglERcgPXb3ctEoXA1PC5OB8CsxNKFXxKqAA7Ovqi F8GJDky1J8pwms0b/pNZ0UT1PJ2/A4sbqTOAlGTwzpIMSwMesb5Wb7Cow A=;
IronPort-PHdr: 9a23:Thm7wRLnntQx8KLZU9mcpTVXNCE6p7X5OBIU4ZM7irVIN76u5InmIFeCtKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUgMdz8AfngguGsmAXEr1Nv/nawQxHd9JUxlu+HToeUU=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AGAAA1Jzdd/5BdJa1mDgsBAQEBAQEBAQEBAQEHAQEBAQEBgVMEAQEBAQELAYFDUANtVSAECyqEHYNHA4RSiS2CW4lUjXyBLhSBEANUCQEBAQwBARgNCAIBAYRAAheCNyM0CQ4BAwEBBAEBAgEGbYUeDIVKAQEBBAEBEBERDAEBByIDCwELAgICAQYCEQQBAQMCFBICAgIZBgYLFQgIAQEEAQ0FCBqDAYFqAx0BAgyOd5BgAoE4iGBxgTKCeQEBBYEyAQMCAgxBgwANC4ITCQWBBygBikCBHheBQD8ma0aBTlAuPoIaIiUBAQIBAYElIhgKCziCPDKCJowKIoJMmy9ACQKCGYZYiUCED4IthyWOOI01h0iBdY4TAgQCBAUCDgEBBYFQOIFYcBU7gmwJgjmDcYMSggKFBDtyAYEoi3eCLgEB
X-IronPort-AV: E=Sophos;i="5.64,299,1559520000"; d="scan'208";a="515846516"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Jul 2019 15:28:34 +0000
Received: from XCH-RCD-016.cisco.com (xch-rcd-016.cisco.com [173.37.102.26]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id x6NFSYQw026055 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 23 Jul 2019 15:28:34 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-016.cisco.com (173.37.102.26) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 23 Jul 2019 10:28:33 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 23 Jul 2019 10:28:33 -0500
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 23 Jul 2019 10:28:33 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JXgLQ2Xg/Ar7XQrGE9MW5JlWHx/9zgSmmJsKlyCD0zr5eKzIu3Qxj2PE2s31wlxMwPzxLTnpe3ZFVx1UeCDWaraWW2mwCeNx0q1OBruqG5438OW/E/yKFKvV2HQJpipE9KEOqzjDyV4OU02yx2W65+us4l5Tb7wXCJ5/AGvSA3sxd+gbteNYqUgisMufDXxfNXuQzQxae84gKf2R6U9Wo36L47m7llaiam6+SQFJaLa6Mt5KoE9ZEm1bWZIzbcJEdZGWHyfeSRaO4l/OsAvFVwOZ0VbkPi3rsR0h6Da6OaMmMmRZ14MjY5I+XgbKUpNxf8cD70skXMaUvsRrRdfl0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e+F9vB39sSfrfVpOZr7/EVo59bfoTGIyuIb8zHL0FWE=; b=ZrEbvhhK/D8YAuKlQa7Mrfnb8N8fnN5hvkZzm7koVgOL4TSZNljXX6aBI9g34/mxIYGsdHsxUssip0ehjZa2okTWLCgQDlnDzkfOGtPWeC5vll+TwHOtWzTsdoGKam9w/uMVCjrnDBJ38Mk8UDJ8GqC2FKGNVjDGwkh3CHrK/2AORro4arXIKnLlTfx9yxQVH9EGj1F7iuddMHOz5grRrrJcu+3mHtJmcMuXmrymS1qvhe1aAYc5joBz0l7R9aT+1Gt60/alsfj3jNXcE3e0UUgvHDAoiQOEHYPH5eNhjNJkVSDEXhv12BQb7z9aT6C2hH00KWKyLIE7a68cq+mZTQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=cisco.com;dmarc=pass action=none header.from=cisco.com;dkim=pass header.d=cisco.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e+F9vB39sSfrfVpOZr7/EVo59bfoTGIyuIb8zHL0FWE=; b=lvLl1cFt2C49ubkQLNgjt3nb3YelaWYDF85tEX4xSbSMSGOZ0WKtr6EomzGP09FTBVUQnQOttVKbEJVQvnfNHZo4UDDd4N2dZSDxb6UieqgYHeeQfTQ1gCDG/ETQcTiYpUFtU9jlMwKElGxZ4Xo1pqvgypqctHWr4B9sgdQEd/8=
Received: from DM6PR11MB3385.namprd11.prod.outlook.com (20.176.123.12) by DM6PR11MB3531.namprd11.prod.outlook.com (20.177.220.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.17; Tue, 23 Jul 2019 15:28:31 +0000
Received: from DM6PR11MB3385.namprd11.prod.outlook.com ([fe80::21d7:6788:7090:d0ae]) by DM6PR11MB3385.namprd11.prod.outlook.com ([fe80::21d7:6788:7090:d0ae%7]) with mapi id 15.20.2073.012; Tue, 23 Jul 2019 15:28:31 +0000
From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: Björn Haase <bjoern.haase@endress.com>, Benjamin Kaduk <kaduk@mit.edu>, Watson Ladd <watsonbladd@gmail.com>
CC: CFRG <cfrg@irtf.org>, "hugokraw@gmail.com" <hugokraw@gmail.com>
Thread-Topic: How to circumvent the obstacles for PAKE integration into TLS // slides.
Thread-Index: AdU/0zW0G1cDrJm7THCybJ0GtxuGUAAGmVwAAEhbfIAABYhggAARP7zQ
Date: Tue, 23 Jul 2019 15:28:31 +0000
Message-ID: <DM6PR11MB33855C114392B1A400D4C0B2DBC70@DM6PR11MB3385.namprd11.prod.outlook.com>
References: <VI1PR0501MB225515FC68BD4CBF7C6F904E83C50@VI1PR0501MB2255.eurprd05.prod.outlook.com> <CACsn0ck3AhxHeu6=vAf9CMNLJcjkC59jhWDdGD-RP03DNqCfXA@mail.gmail.com> <20190723042811.GL99187@kduck.mit.edu> <VI1PR0501MB225501B52DC40DC41E6D590683C70@VI1PR0501MB2255.eurprd05.prod.outlook.com>
In-Reply-To: <VI1PR0501MB225501B52DC40DC41E6D590683C70@VI1PR0501MB2255.eurprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ofriel@cisco.com;
x-originating-ip: [2001:420:c0c8:1007::489]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 515724e7-6471-4d23-8a55-08d70f826b34
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM6PR11MB3531;
x-ms-traffictypediagnostic: DM6PR11MB3531:
x-ms-exchange-purlcount: 7
x-microsoft-antispam-prvs: <DM6PR11MB3531A982E1999268EDC2F3EFDBC70@DM6PR11MB3531.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0107098B6C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(4636009)(136003)(346002)(39860400002)(396003)(376002)(366004)(26234003)(189003)(199004)(51444003)(13464003)(66574012)(446003)(476003)(15974865002)(53936002)(229853002)(33656002)(5660300002)(8936002)(46003)(52536014)(25786009)(74316002)(55016002)(71200400001)(11346002)(6506007)(486006)(76176011)(14454004)(6116002)(7696005)(71190400001)(68736007)(53546011)(14444005)(256004)(186003)(305945005)(8676002)(81156014)(81166006)(478600001)(99286004)(86362001)(4326008)(966005)(110136005)(54906003)(316002)(6436002)(66556008)(64756008)(66446008)(76116006)(66476007)(6246003)(2906002)(2171002)(66946007)(102836004)(7736002)(9686003)(6306002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB3531; H:DM6PR11MB3385.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: wjsabn5TFvKfJVb2/7z9RcHwDIdEJgYq//3zU5dprk0ltA9f11K7HLFqu1CYdMjtE9hARefMp8aUwcU46nZV7PJK+vSlZdRphyJJAZ7qkIbHHsfmekRgxm57zgdAYhc5qNITJKdn/A6RTa3GWwd2miLa3HqkRO+L/RDk9uUxpvDw6S35U9zhR6SkzSKoXasLrcU3mI6GXYX+29iQEEa98C45j+aOmwURRzxBz111B2dCfvdcD6D8/7iYdxXDPWd211tpKiwPhGfrlEiQwJAb9WBIdnrkz6CstRPem6tZ6nuaHbaadjrJJy7H8hldUGeHQHQkdbSM4w2kDkm/MoP0X90YROYyxD0L0A7le4n9fB5ELUIziQ89/h1QLJ3D4mrrxnjYCCUAD4F+aMz5LAqaMISqqa7jBfm6ACaMt+Gd2PI=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 515724e7-6471-4d23-8a55-08d70f826b34
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2019 15:28:31.3056 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ofriel@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3531
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.26, xch-rcd-016.cisco.com
X-Outbound-Node: rcdn-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/iM7ehCp0jv1cG9p91giv4hONM0E>
Subject: Re: [Cfrg] How to circumvent the obstacles for PAKE integration into TLS // slides.
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 15:29:04 -0000

Björn, 

Its worth reading https://datatracker.ietf.org/doc/draft-sullivan-tls-opaque  which Nick presented at 104: https://datatracker.ietf.org/meeting/104/materials/slides-104-tls-slides-ietf104-tls-opaque-00. It covers both OPAQUE in the TLS handshake, and OPAQUE via Exported Authenticators https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ at some point after TLS handshake has taken place. Its currently OPAQUE specific, but the EA model could probably be applied to other PAKEs. And finally, https://datatracker.ietf.org/doc/draft-ietf-httpbis-http2-secondary-certs/ covers how to use EA with HTTP2.

Owen

-----Original Message-----
From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Björn Haase
Sent: 23 July 2019 08:43
To: Benjamin Kaduk <kaduk@mit.edu>; Watson Ladd <watsonbladd@gmail.com>
Cc: CFRG <cfrg@irtf.org>; hugokraw@gmail.com
Subject: Re: [Cfrg] How to circumvent the obstacles for PAKE integration into TLS // slides.

Dear Ben,

>To build on that, a big motivation for wanting auth at the HTTP layer 
>is that most generic web servers aren't going to know *at TLS handshake 
>time* whether a given client is going to need to authenticate for the 
>HTTP requests that will subsequently be conveyed over that connection.

I fully agree. When saying this, I think that we might better be careful not to mix-up two aspects:

1) The human at the client side mostly wants to be sure that the server side contents are authentic, from the very beginning.
2) The server side requires authentication often only when operations with privileges are requested.

What we have here is something similar to what I'd be calling "re-authentication use-case" for password checks in a connection that is already established.

Moreover I see differences regarding the use-cases A  "End-customer-managed web servers (IoT)" and  B "Conventional Web-Shop use-cases (Web-PKI)". The main additional benefit of PAKE for use-case A is that the server-authentication (1.) above) is provided also without the need of Web-PKI integration of the server.

I think that one might best try to realize the maximum possible re-use for authentication mechanisms in both use-cases A/B. Again this might be a reason for "outsourcing" all of the user-handling related stuff outside of the main TLS body. Also for use case "B" it might be worth to consider pulling out the password handling out from the main html application. Maybe one could use the same mechanisms of a "user authentication" module that we would be using for PAKE? For doing so again some kind of channel-linked tunnel mechanism through TLS might be helpful/necessary.

Yours,

Björn.

P.S.: I have moved this discussion back to the main list. Sorry for starting this discussion with the "not yet publication-ready" slides.


Mit freundlichen Grüßen I Best Regards 

Dr. Björn Haase 

Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen 
Endress+| Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221 bjoern.haase@endress.com |  www.conducta.endress.com 



Endress+Hauser Conducta GmbH+Co.KG
Amtsgericht Stuttgart HRA 201908
Sitz der Gesellschaft: Gerlingen
Persönlich haftende Gesellschafterin:
Endress+Hauser Conducta Verwaltungsgesellschaft mbH
Sitz der Gesellschaft: Gerlingen
Amtsgericht Stuttgart HRA 201929
Geschäftsführer: Dr. Manfred Jagiella

 
Gemäss Datenschutzgrundverordnung sind wir verpflichtet, Sie zu informieren, wenn wir personenbezogene Daten von Ihnen erheben.
Dieser Informationspflicht kommen wir mit folgendem Datenschutzhinweis (https://www.endress.com/de/cookies-endress+hauser-website) nach.

 

Disclaimer: 

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer. This e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer unless explicitly and conspicuously designated or stated as such.
 
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email