Re: [Cfrg] dragonfly, was: Re: Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

Andy Lutomirski <> Thu, 28 March 2019 02:39 UTC

To: Tony Arcieri <>
Cc: Dan Harkins <>, CFRG <>

On Wed, Mar 27, 2019 at 9:38 AM Tony Arcieri <> wrote:
> There is, if nothing else, some confusion around the IETF's relationship to Dragonfly, both within the WiFi Alliance and by tech journalists. Some examples:
>> Also note individual submission: EMU and Security Area review incorporated, IETF Last Call pending. Related draft (will be RFC 7664), see .
>> WPA3 Personal authentication is a process called a simultaneous authentication of equals (SAE), which comes from the IETF Dragonfly key exchange. Robinson says that with SAE, the authentication requires interaction, and only after authentication will the keys be generated. This makes attacks that depend on cloud-based server farms and automated key attempts unavailable to attackers.
>> "SAE uses a Dragonfly handshake defined in the Internet Engineering Task Force (IETF) RFC 7664 specification and applies it to a WiFi network for password-based authentication," Robinson explained. "The Wi-Fi Alliance WPA3 specification defines additional requirements for devices operating in SAE modes."
> From what I've observed, the IETF's name seems to end up attached to Dragonfly quite a bit. Curiously in these quotes, the CFRG and IRTF aren't mentioned at all. Perhaps this speaks to a more general problem around public perception of RGs and informational RFCs (or lack thereof), but when I read quotes like this, they sound to me like many people's perception is that Dragonfly is a standards-track IETF RFC.
> Issues like educating the tech press and trade associations on the difference between the IETF and IRTF and the difference between standards-track and informational RFCs aside, I think the main thing the IETF could do to address these concerns is actually create a WG dedicated to producing a standards-track PAKE for similar use cases. PAKEs are certainly a hot topic these days, both on the CFRG (see OPAQUE thread this morning) and in cryptography in general.

As far as I can tell, basically anyone who isn't involved in the IETF
or IRTF is utterly confused as to why they're called RFCs in the first
place.  Some of them seem to be standards (de facto, "standards
track", or otherwise), some of them are definitions of a cryptographic
protocol like CFRG produces (which sounds a lot like "standard" to
me), and very few of them indeed appear to be requests for comments.
It's entirely unclear when an RFC is supposed to be a statement that
IETF or IRTF thinks the thing in the document is a good idea.

I think the messaging could be made much, much more clear.