Re: [CFRG] I-D Action: draft-irtf-cfrg-opaque-11.txt
Kevin Lewi <klewi@cs.stanford.edu> Mon, 10 July 2023 23:06 UTC
Return-Path: <klewi@cs.stanford.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C5D7C169513 for <cfrg@ietfa.amsl.com>; Mon, 10 Jul 2023 16:06:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.193
X-Spam-Level:
X-Spam-Status: No, score=-4.193 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vxg-3O1-kfmV for <cfrg@ietfa.amsl.com>; Mon, 10 Jul 2023 16:06:30 -0700 (PDT)
Received: from smtp2.cs.Stanford.EDU (smtp2.cs.stanford.edu [171.64.64.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0375C16953D for <cfrg@irtf.org>; Mon, 10 Jul 2023 16:06:30 -0700 (PDT)
Received: from mail-lj1-f178.google.com ([209.85.208.178]:55527) by smtp2.cs.Stanford.EDU with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <klewi@cs.stanford.edu>) id 1qIzxc-0001rq-E4 for cfrg@irtf.org; Mon, 10 Jul 2023 16:06:30 -0700
Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-2b6fbf0c0e2so77600741fa.2 for <cfrg@irtf.org>; Mon, 10 Jul 2023 16:06:29 -0700 (PDT)
X-Gm-Message-State: ABy/qLZJsstKoJKM4t47aXo9Q+T0MGZGfgJCrGj8I9j3ESKakxPqsGGi 5sadfjVgbH4ZnOBfgSAX+CuJ6Rr5pTTTgrewOfA=
X-Google-Smtp-Source: APBJJlGu+Wo/o5zS9rk5DULycWTVwoIWdKTDEp35/yyhZhxG+U/VNRNg2Ug3T+cYqvtdUFp+ckGeLe2cqIT4HGI/sJk=
X-Received: by 2002:a2e:90cd:0:b0:2b6:d838:1931 with SMTP id o13-20020a2e90cd000000b002b6d8381931mr11698140ljg.30.1689030388362; Mon, 10 Jul 2023 16:06:28 -0700 (PDT)
MIME-Version: 1.0
References: <168626074868.61724.3295992387765603049@ietfa.amsl.com> <ad4dd218-448f-49a7-b071-92150af22131@app.fastmail.com>
In-Reply-To: <ad4dd218-448f-49a7-b071-92150af22131@app.fastmail.com>
From: Kevin Lewi <klewi@cs.stanford.edu>
Date: Mon, 10 Jul 2023 16:06:16 -0700
X-Gmail-Original-Message-ID: <CACitvs_XKwpZgz0QsvMto8VnfheRUXHptgcN_jHA+zfZ9+cwZg@mail.gmail.com>
Message-ID: <CACitvs_XKwpZgz0QsvMto8VnfheRUXHptgcN_jHA+zfZ9+cwZg@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: cfrg@irtf.org
Content-Type: multipart/alternative; boundary="00000000000050381206002a0833"
X-Scan-Signature: 8d916073a6e03d0ab55799977e12a57e
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/iukDWB1s33EpgcCth4PYJLxgFmk>
Subject: Re: [CFRG] I-D Action: draft-irtf-cfrg-opaque-11.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2023 23:06:34 -0000
Hi Chris, > One open question we had for the group is captured in #414 [1]. Basically, > when deriving a Curve25519 private key from some input seed is it > _necessary_ to apply some form of random oracle or KDF? Currently, we don't > do this, but it would be trivial to add. Thoughts and feedback welcome! > > I don't think it is necessary to apply a random oracle or KDF to the input seed -- especially given that the input seed in this context is already presumed to be a pseudorandom output. But I wanted to bump this question up again in case others have opinions to share... Kevin > After this is resolved, we believe the document is ready for RGLC. > > Best, > Chris > > [1] https://github.com/cfrg/draft-irtf-cfrg-opaque/issues/414 > > On Thu, Jun 8, 2023, at 5:45 PM, internet-drafts@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. This Internet-Draft is a work item of the Crypto Forum > (CFRG) RG > > of the IRTF. > > > > Title : The OPAQUE Asymmetric PAKE Protocol > > Authors : Daniel Bourdrez > > Hugo Krawczyk > > Kevin Lewi > > Christopher A. Wood > > Filename : draft-irtf-cfrg-opaque-11.txt > > Pages : 79 > > Date : 2023-06-08 > > > > Abstract: > > This document describes the OPAQUE protocol, a secure asymmetric > > password-authenticated key exchange (aPAKE) that supports mutual > > authentication in a client-server setting without reliance on PKI and > > with security against pre-computation attacks upon server compromise. > > In addition, the protocol provides forward secrecy and the ability to > > hide the password from the server, even during password registration. > > This document specifies the core OPAQUE protocol and one > > instantiation based on 3DH. > > > > The IETF datatracker status page for this Internet-Draft is: > > https://datatracker.ietf.org/doc/draft-irtf-cfrg-opaque/ > > > > There is also an HTML version available at: > > https://www.ietf.org/archive/id/draft-irtf-cfrg-opaque-11.html > > > > A diff from the previous version is available at: > > https://author-tools.ietf.org/iddiff?url2=draft-irtf-cfrg-opaque-11 > > > > Internet-Drafts are also available by rsync at rsync.ietf.org: > :internet-drafts > > > > > > _______________________________________________ > > CFRG mailing list > > CFRG@irtf.org > > https://www.irtf.org/mailman/listinfo/cfrg > > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [CFRG] I-D Action: draft-irtf-cfrg-opaque-11.txt internet-drafts
- Re: [CFRG] I-D Action: draft-irtf-cfrg-opaque-11.… Christopher Wood
- Re: [CFRG] I-D Action: draft-irtf-cfrg-opaque-11.… Kevin Lewi