[Cfrg] Questions about contents of PAKE drafts

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 21 July 2016 14:34 UTC

Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0552112D688 for <cfrg@ietfa.amsl.com>; Thu, 21 Jul 2016 07:34:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JtOgaRumz6PG for <cfrg@ietfa.amsl.com>; Thu, 21 Jul 2016 07:34:48 -0700 (PDT)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 278B012D684 for <cfrg@irtf.org>; Thu, 21 Jul 2016 07:34:45 -0700 (PDT)
Received: by mail-qk0-x22e.google.com with SMTP id s63so75302840qkb.2 for <cfrg@irtf.org>; Thu, 21 Jul 2016 07:34:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=1sAZlJcwcGAuBxy2zDHZ1DiIJwaRMvV29TySQQBk2kg=; b=VMykKPo0YGjLA1ZDi14nWgeTv83WaIE+MQSdZ01i//ECJxBEt0z/ocAxg6vyA/6CRv CKhrTJ2BIdluzHOzPSIYIF+0sZqajAaLENtdlHf/79fu5X5KSinCaJzamTpix4BRpqZp VjBv0sHC8Jc7d3nM4eYXe1e99Re0CJC14iu/fKTLs4CpQppgv2lk7LGH/BBSQwwVd2Fp mlZ06hrvjUwC0V/Mb8UbLGlvccaobtyBOYBZIImebefYE8j8Ld8pEfCnb8N+LqHSQBTb Zbv2qLMZPVbRnB6nvlzonnv7lxk8ID6DCPBLZ57FtQhoPDqGRwSqK+pmJH/X2aANAwaQ mxJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=1sAZlJcwcGAuBxy2zDHZ1DiIJwaRMvV29TySQQBk2kg=; b=WTuWHIIRzNQeMtUHuO7JZtaT8xoU+rtb/ALY+3lqhAiRkVfSNSMVyS2jZbVzrjRUts dB+rzaiztabKWDypLaEZMDgUHEAKeaz3GW2c1of9SCTa9R6cBcLTyXnsxOoZta30HQJc I4mwXvU5XSrHXDsM4PENSVJqdLrxN2eKBkvVHm6MyGa5XLh9QrFRyBwa02oabB1kmvd+ wonEponnqja0UP9Zli8XbQAnk7ggrbcPv1b3LizyWD0/VY4MSk/uq78x2fWE4JNaigXk x9SiqxYZwda/Gr9hV7F39T6/KgzjBgx1x+Rb489TBv+q5k3tPoVmh0pfyilJmBQwudH0 9Hrg==
X-Gm-Message-State: ALyK8tJAnJgPcGEe7x3CGTl3QEWJRmuniR3fWbAZmfDPr/mlwmbJxld5/Ti9c89lwXjPVVtAlwk+RzwSVCufwg==
X-Received: by 10.55.3.143 with SMTP id 137mr70712240qkd.154.1469111684344; Thu, 21 Jul 2016 07:34:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.50.86 with HTTP; Thu, 21 Jul 2016 07:34:43 -0700 (PDT)
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Thu, 21 Jul 2016 18:34:43 +0400
Message-ID: <CAMr0u6kpnFn3NAwNmqXEj9P0AczrMXx26MbgxkM-ZdaFahwKSQ@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>, =?UTF-8?B?6L6b5pif5ryi?= <seonghan.shin@aist.go.jp>, "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary=001a114c753c14bdfc0538263848
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/s7YN92hVNVymffS_Y_FAmmAv7S8>
Resent-From: <alias-bounces@ietf.org>
Resent-To: @ietf.org
Subject: [Cfrg] Questions about contents of PAKE drafts
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2016 14:34:55 -0000

Good afternoon, dear colleagues!

As Kenny Paterson suggested yesterday, I'd like to send our questions
related to our SESPAKE document (that I enumerated in my slides yesterday)
to the mailing list.

They were asked in the context of SESPAKE but are applicable to all PAKE
documents in some way.

- Should we include the optimization techniques in the document?
- Should we describe common anonymization methods in the document?
- Should we include comments about security against specific subtle attack
scenarios (cf. attacks on SPEKE)?
- Should we define some "`default"' algorithms and parameters (e.g. SHA-3
and Ed25519 curve) for use with the protocol?
- The current examples now are for the Russian Stribog hash and elliptic
curves --- for which algorithms should we include examples in the final
version?

Thank you in advance for your comments.

Best regards,
Stanislav Smyshlyaev