[Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
Dan Harkins <dharkins@lounge.org> Mon, 25 March 2019 12:47 UTC
On 3/10/19 4:20 PM, Tony Arcieri wrote:
> On Sun, Mar 10, 2019 at 3:46 PM StJohns, Michael
> <msj@nthpermutation.com> wrote:
>
>> In recent years, the CFRG has produced documents that are for lack
>> of a better phrase de facto standards. The rate of document
>> production of the CFRG mimics more closely that of a WG than the
>> other extant RGs AFAICT. As an RG the CFRG isn’t permitted to
>> publish standards track documents, nor is the IESG or the ISE
>> permitted or constrained to require a conflict review on the
>> documents the CFRG does produce. [the latter comment is my
>> understanding of the rules of the research stream - it may be
>> flawed, but the purpose of RGs is supposed to be looking at
>> futures and that by definition shouldn’t be conflicting with the
>> nows].
>
> An interesting datapoint on this is Dragonfly key exchange, published
> as RFC 7664, has now been incorporated into the Wifi Alliance's WPA3
> standard:
>
> https://sarwiki.informatik.hu-berlin.de/WPA3_Dragonfly_Handshake
>
> I will preface the following statement by saying that my criticisms of
> Dragonfly on the CFRG list at the time were misinformed and due to a
> lack of understanding, and would now call it "okay" (and many of my
> concerns were assuaged after it received a security proof).

Well thanks for that.

> However, I think it's fair to say that as a non-standards document, it
> has something of a sordid history:
>
> https://arstechnica.com/information-technology/2013/12/critics-nsa-agent-co-chairing-key-crypto-standards-body-should-be-removed/

That was an amazing piece of "journalism". The author got spun up by a troll army on twitter (which was about as accurate and reasonable as twitter tends to be) and basically alleged I was an NSA stooge without even contacting me before printing (which is also a failure of the editorial process at Ars). It was extremely unprofessional and resulted in numerous angry emails being received from people who had no idea what they were talking about but were furious with me nonetheless.

One of the problems with discussing the history of dragonfly is that everyone seems to get it basically backwards. The protocol that is now part of WPA3 is SAE and it was actually the first dragonfly protocol. It entered the 802.11 standard through an amendment in 2008 or so. I then took the PAKE to EMU and that became EAP-pwd (published in 2010), I took it to IPsec and it became one of the possible PAKE extensions to IKEv2, and then I took it to TLS and got TLS-pwd adopted as a work item at IETF 82 in Nov 2011. There was discussion in TLS of a security proof (which it didn't have) and so a request for the CFRG to look at it. And that's where everything stood when CFRG got involved.

The reason this became so "sordid" is because people think everything began with the CFRG and that I presented this protocol, as "journalist" Dan Goodin alleged, as a kind of follow on to Dual_EC_DRBG.

> I think if there were a WG chartered specifically with a
> standards-track document for what the next generation key exchange to
> be used for use cases similar to and including, but not limited to
> WiFi were, my best guess is we could've done better than Dragonfly.
> I'm not sure why the Wifi Alliance chose it specifically, but it seems
> the CFRG was treated at least in part as a bar the algorithm must pass
> for incorporation into their standards, and for a standard of such
> importance I guess what I'm saying is I wish that bar were higher.

Well, WiFi Alliance didn't really "choose" SAE, it certifies things in 802.11 and the only thing in 802.11 that does a PAKE is SAE. Why wasn't a different PAKE chosen in 802.11? Basically patents, which were a problem back in 2006-7 and earlier when I was advocating for it. Why didn't anyone else try and propose a PAKE to solve the dictionary attack problem against WPA-PSK? Good question. That problem was known since around 2003 and was widely publicized yet I was the only person to try and fix it.

Bottom line, though, is the WiFi Alliance did not use the CFRG as a bar. The only group that was using CFRG as a bar that the algorithm had to pass was TLS and TLS-pwd was parked and then withdrawn from the TLS WG so for what it's worth the hullabaloo over dragonfly in CFRG-- right or wrong-- served its purpose.

regards,

Dan.