Re: [CFRG] I-D Action: draft-irtf-cfrg-opaque-11.txt

Christopher Wood <caw@heapingbits.net> Thu, 08 June 2023 21:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/qYQ1KivMcE4T71BycP6qq3rcnQs>

This change has a number of updates, perhaps the biggest one being a reframing of the 3DH operation. Previously, we described 3DH in terms of operations on a prime-order group, whereas now we describe it in terms of DH functions. Test vectors for a variant built on x25519 have also been included.

One open question we had for the group is captured in #414 [1]. Basically, when deriving a Curve25519 private key from some input seed, is it _necessary_ to apply some form of random oracle or KDF? Currently, we don't do this, but it would be trivial to add. Thoughts and feedback welcome!

After this is resolved, we believe the document is ready for RGLC.

Best,
Chris

[1] https://github.com/cfrg/draft-irtf-cfrg-opaque/issues/414

On Thu, Jun 8, 2023, at 5:45 PM, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This Internet-Draft is a work item of the Crypto Forum (CFRG) RG
> of the IRTF.
>
>    Title           : The OPAQUE Asymmetric PAKE Protocol
>    Authors         : Daniel Bourdrez
>                      Hugo Krawczyk
>                      Kevin Lewi
>                      Christopher A. Wood
>    Filename        : draft-irtf-cfrg-opaque-11.txt
>    Pages           : 79
>    Date            : 2023-06-08
>
> Abstract:
>    This document describes the OPAQUE protocol, a secure asymmetric
>    password-authenticated key exchange (aPAKE) that supports mutual
>    authentication in a client-server setting without reliance on PKI and
>    with security against pre-computation attacks upon server compromise.
>    In addition, the protocol provides forward secrecy and the ability to
>    hide the password from the server, even during password registration.
>    This document specifies the core OPAQUE protocol and one
>    instantiation based on 3DH.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-irtf-cfrg-opaque/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-irtf-cfrg-opaque-11.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-irtf-cfrg-opaque-11
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
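The open question in the message above (deriving a Curve25519 private key from a seed with or without a KDF) can be made concrete with the following added example, which is not taken from the draft or from the message's author. It assumes "no KDF" means the 32 seed bytes are used directly as the X25519 scalar after RFC 7748 bit-masking; the HKDF-SHA256 step, its `info` label, the function names and the sample seed are all hypothetical choices made for illustration.

```python
import hashlib
import hmac

def clamp(k: bytes) -> bytes:
    """Bit-masking that RFC 7748 applies to a 32-byte X25519 scalar."""
    if len(k) != 32:
        raise ValueError("X25519 scalars are 32 bytes")
    b = bytearray(k)
    b[0] &= 248    # clear the three low bits
    b[31] &= 127   # clear the top bit
    b[31] |= 64    # set the second-highest bit
    return bytes(b)

def derive_direct(seed: bytes) -> bytes:
    """Assumed 'no KDF' variant: seed bytes become the scalar as-is."""
    return clamp(seed)

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using only the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_kdf(seed: bytes, info: bytes = b"example-derive-x25519-key") -> bytes:
    """Hypothetical 'with KDF' variant: hash the seed, then clamp the output."""
    return clamp(hkdf_sha256(seed, b"\x00" * 32, info))

def related_seeds(seed: bytes) -> list:
    """Seeds differing from `seed` only in bits that clamp() overwrites."""
    low = bytearray(seed)
    low[0] ^= 0x07
    high = bytearray(seed)
    high[31] ^= 0x80
    return [bytes(low), bytes(high)]

def compare(seed: bytes) -> dict:
    """Do the related seeds map to the same private scalar under each variant?"""
    others = related_seeds(seed)
    return {
        "direct_collide": all(derive_direct(s) == derive_direct(seed) for s in others),
        "kdf_collide": any(derive_kdf(s) == derive_kdf(seed) for s in others),
    }

SEED = bytes(range(32))  # constructed sample seed, not a test vector from the draft
```

Without the KDF step, the five masked bits mean that 32 distinct seeds share each scalar in a predictable way; with it, the seed-to-scalar relationship is no longer structural. Whether that difference matters for OPAQUE is the question raised in #414, which this example does not settle.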