Re: [Cfrg] Further actions on PAKEs: one/two documents; call for editors

"Stanislav V. Smyshlyaev" <> Tue, 07 July 2020 05:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D20D13A084B for <>; Mon, 6 Jul 2020 22:23:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FdIFS6kkJc69 for <>; Mon, 6 Jul 2020 22:23:27 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8498A3A0846 for <>; Mon, 6 Jul 2020 22:23:26 -0700 (PDT)
Received: by with SMTP id t9so24006347lfl.5 for <>; Mon, 06 Jul 2020 22:23:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KEiL2ShPYY+VSmkBN1erOZwq9rurvNA3AP8HMhE3Jcg=; b=si990isKxUFamVXQEuJCM2Duf5NN7FVz+ThKUcxnjxLCf3IB+u+sN/kBBDJN2pTkkS RRd+mm8a8IyPUuCgpM6b0bmo3reyrxCFEc2F7jKfUM02Ua8xOPaRKEqT9CqpK30rqc97 8fW8uGHYeKwbiatM+3QCi8c93p9CHHdW43oDCiZ7aSgqUjbEgAVPb69+rsXCrp95Oc+M E+KE79zGfIhRuoO0aYwJIWY27JJaIwxXxiAk0wj4nkTqIR5A1frgMVidIGr1AXrI7vW4 bNg9mNIx/dXRb11q/jKaYOF8fKA7/RyJi+2b3XtESVX5Cj3lS3gqQFUiUV1IQD8Z3AmM UN4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KEiL2ShPYY+VSmkBN1erOZwq9rurvNA3AP8HMhE3Jcg=; b=k3tU4a8jOgqxDNXrd1Nx4Q/mMTA6FW9lHLdUlpzmvdQ2moFmzm00U1y70hmPLGIj0Q ApyFOYUGHb2Fpp58fn5/Z1PJ8S3ReAa8fPCU3B/FZBFQG/fD+xyWHvFli1i5bH18MXzu PL1qKwYop2cxOAa3pT+W6bEqiyYEDDlElsSTJRtVVJ99/zkMh5CIFr1KaVrnDQ+FR6Lf dmGAxylEBoD2E5MqgNVdJIKzR4rn8KH4zej9jGNBWBWiQQm7AB/yhMXg/fMRZBn1jg+R kBVOq2zdBkyCTDAHsjKZoxcIMrGiyTipFI7qKeUgO0IIbfNpn3uTaBcOrvxnCJfTuhp1 1RHw==
X-Gm-Message-State: AOAM530B48FqhY/TUJu6S7IRRYnmEL2LDmv4gKekqRu6m4iaLIkNq7/t x1PDFN/IlU2lSM/wV382yjK0gd5BskqRMByBYjo=
X-Google-Smtp-Source: ABdhPJxnVZFcJswBRWav8nEqxZctZu1JkijK8q3upndrHyXKIgW/pcF98QRQ2z4meu8sgzX4yBGugYJExWnjdbCdiog=
X-Received: by 2002:ac2:5e6e:: with SMTP id a14mr31776697lfr.79.1594099404547; Mon, 06 Jul 2020 22:23:24 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: "Stanislav V. Smyshlyaev" <>
Date: Tue, 07 Jul 2020 08:24:14 +0300
Message-ID: <>
To: Björn Haase <>
Cc: CFRG <>
Content-Type: multipart/alternative; boundary="000000000000beac4d05a9d33000"
Archived-At: <>
Subject: Re: [Cfrg] Further actions on PAKEs: one/two documents; call for editors
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 07 Jul 2020 05:23:40 -0000

Dear CFRG,

Based on the feedback, the chairs have decided to create separate
documents, one for CPace and one for OPAQUE. As follow up actions, the
drafts describing the finalists, draft-haase-cpace and
draft-krawczyk-cfrg-opaque, are now adopted as CFRG documents (of course,
these documents are not final and will continue to evolve to meet
requirements that have been mentioned in the discussions).

Bjoern Haase and Julia Hesse will be the editors of the CPace document,
Hugo Krawczyk and Chris Wood will be the editors of the OPAQUE document
(with kind assistance of Julia Hesse to ensure the consistency of two

Stanislav, Alexey, Nick

On Thu, 14 May 2020 at 18:26, Björn Haase <> wrote:

> Hi to all,
> I agree with Hugo. We should be having two separate RFC. Possibly, we
> could still try to closely match the structure of the writeups and maybe we
> could also share some of the text.
> In my opinion, we might also consider the remarks of Ran Canetti on this
> list regarding the APIs. In my opinion, it would be worthwile to explicitly
> consider the session id complexity in both RFC, as doing so would
> facilitate integrating the two protocols into larger constructions.
> I would be willing to contribute signicantly to the RFC, but I think that
> there would best be some native speaker in the team.
> Yours,
> Björn.
> Am 06.05.2020 um 18:05 schrieb Hugo Krawczyk:
> I strongly support Option 2. These protocols are complex enough that
> putting them together will make a monster RFC.. Even more significantly,
> the application settings are very different as are the properties of these
> functionalities. This being said, there can be a very high level document,
> for example expanding  RFC 8125, covering general principles for each of
> these settings and highlighting the important differences between these
> cases.
> I am working on expanding the OPAQUE internet draft (which I let expire,
> irresponsibly...) to include a more detailed specification. This is not
> intended to provide exact details at the level of bits on the wire but as a
> basis for defining these details. It will also serve as a basis to decide
> on what specific mechanisms to use in a default specification. A
> separate specification defining the use of OPAQUE with TLS 1.3 will be
> needed as initially drafted in
> I want to take this belated opportunity to thank the CFRG group, the
> chairs, and all the truly  dedicated reviewers for an amazing selection
> process. This would have been as remarkable even if OPAQUE would have not
> been chosen, but it is even more wonderful this way :-)
> And while at it, I want to thank, over the ether, my colleagues, Stas
> Jarecki and Jiayu Xu , co-authors of OPAQUE, for their amazing work at
> nailing down the many details of the UC proofs at the basis of the OPAQUE
> analysis. It has been an amazingly difficult work.  THANKS!
> Hugo
> On Wed, May 6, 2020 at 8:13 AM Stanislav V. Smyshlyaev <
> <>> wrote:
>> Dear CFRG,
>> This is a reminder that (as we have said at the recent CFRG virtual
>> interim) we are seeking for the opinions (and volunteers!) regarding the
>> futher steps after the end of the PAKE selection process.
>> We asked the following two questions about our further actions about the
>> PAKE documents.
>> *1) Do we need one or two documents?*
>> Option 1: "Recommendations for password-based authenticated key
>> establishment in IETF protocols" with both CPace and OPAQUE.
>> Option 2: "Recommendations for balanced password-based authenticated key
>> establishment in IETF protocols" with CPace and "Recommendations for
>> augmented password-based authenticated key establishment in IETF protocols"
>> with OPAQUE.
>> *2) Call for editors, authors*
>> Regarding the number of documents: during the meeting, a certain amount
>> of support for Option 2 (two documents) was expressed (see the minutes).
>> Please express your opinion here in the list (especially if you are in
>> favor of Option 1), if you have something to say.
>> And we really need editor(s) for this/these document(s) - please let us
>> know if you are happy to help!
>> Take care.
>> Best regards,
>> CFRG Chairs
>> _______________________________________________
>> Cfrg mailing list
> _______________________________________________
> Cfrg mailing listCfrg@irtf.org
> _______________________________________________
> Cfrg mailing list