Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-03.txt

David McGrew <mcgrew@cisco.com> Mon, 03 February 2014 22:53 UTC

Return-Path: <mcgrew@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DE901A0273 for <cfrg@ietfa.amsl.com>; Mon, 3 Feb 2014 14:53:18 -0800 (PST)
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AHML2lyCzJCo for <cfrg@ietfa.amsl.com>; Mon, 3 Feb 2014 14:53:17 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id 338881A0268 for <cfrg@ietf.org>; Mon, 3 Feb 2014 14:53:17 -0800 (PST)
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-2.cisco.com with ESMTP; 03 Feb 2014 22:53:17 +0000
Received: from [10.0.2.15] (rtp-mcgrew-8913.cisco.com [10.117.10.228]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id s13MrGwN021887; Mon, 3 Feb 2014 22:53:16 GMT
Message-ID: <52F01DDC.3040004@cisco.com>
Date: Mon, 03 Feb 2014 17:53:16 -0500
From: David McGrew <mcgrew@cisco.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: Watson Ladd <watsonbladd@gmail.com>
References: <20140203192451.6268.76511.idtracker@ietfa.amsl.com> <7af2f9df96e5867d493c614806235363.squirrel@www.trepanning.net> <CACsn0cm1f-P95je5AbEbZ02Ut3+HM7Hx28P6j46TqE-=06eZDg@mail.gmail.com> <52F00EF3.3040505@cisco.com> <CACsn0c=zS5GKex3eF_hKgTsL1kH=TiBi3iAP9oMrJ9hDQcT4Gw@mail.gmail.com>
In-Reply-To: <CACsn0c=zS5GKex3eF_hKgTsL1kH=TiBi3iAP9oMrJ9hDQcT4Gw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------080309010005000209020404"
Cc: cfrg@ietf.org
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-03.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2014 22:53:18 -0000

On 02/03/2014 05:11 PM, Watson Ladd wrote:
> On Feb 3, 2014 1:49 PM, "David McGrew" <mcgrew@cisco.com> wrote:
> >
> > Let me ask: can you suggest text for the security considerations
> > section of this draft that captures your concerns regarding the lack
> > of reduction and uniform hashing?
>
> Sure: "Despite significant efforts, no variant of this protocol has
> been proved secure even in the random oracle model with nonstandard
> assumptions. None of the security claims are sensible in any accepted
> formalization of security protocols.
>

Could you rewrite that in a way that would be accessible to someone who
is not a crypto specialist, and suggest references for the ROM and
standard assumptions (and the uniform hashing)? Perhaps cite a
formalization of a PAKE protocol?

David