[CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13
Watson Ladd <watsonbladd@gmail.com> Tue, 28 May 2024 22:41 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB5C5C1D4A70 for <cfrg@ietfa.amsl.com>; Tue, 28 May 2024 15:41:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QlPgLDx56Pkb for <cfrg@ietfa.amsl.com>; Tue, 28 May 2024 15:41:24 -0700 (PDT)
Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com [IPv6:2a00:1450:4864:20::32a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55125C1CAF41 for <cfrg@irtf.org>; Tue, 28 May 2024 15:41:24 -0700 (PDT)
Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-4210aa00c94so11029125e9.1 for <cfrg@irtf.org>; Tue, 28 May 2024 15:41:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1716936082; x=1717540882; darn=irtf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=EtOCvdydEPO3A5HWHEAlyd+SQwpnjVFzGRUYx+rWJtw=; b=CeCJczg4TkrzAHR7r+StP00RfmxN6Ymb/q8yUpuuLu0VHYmmioP1qrqtv1bGID+AE6 MTAfeuYCHPU9eFpbp2P589nqNt55CnX20NjRZOsguM8byGaXvHIUgFWoQiAjVEpHvTBU qW/sdxdCQ+g3px2uzQAJtVoGyBqXmMrJ2upaLhZ2S+BhHwV27poG0uv7Aar3CmmvV1Y1 rpblCgQtuSj2klaSoEPNv3Uu4JtVQYrTbYgRr0BpFBwM0uoVsmd9ire13X4z2Qm+GPEG PcwGCR9Vp3/ceaN309LHDxCr6Y94uuvlvOZFd20mBBzRyxXTZRKp+zf6ssCSqV5fKGSW 8HgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716936082; x=1717540882; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EtOCvdydEPO3A5HWHEAlyd+SQwpnjVFzGRUYx+rWJtw=; b=OBH5mqdbzYQmS231+8RTHlVBEg9j+WORtaquSOIpQoWOI0mcy2/EiqAaIXfhSpVwHv bYXMmXK1WkXfIyGEKkZzusfLVykfaoDeCScVpoKIXHCiLW5fDYWqUqqhvaGAXsOHuYPd oLgMjapuzbcTOfhrVTE17E/HVNCa61PG0QlErDW1aw76vmGWIJDug9N5+p/V+MipC5kz bNTIYXm19WK3YTkkSVVItf/7AeeXKsJMwl2RZGOpuCeuWj6J8pE1/nGkB9oyAs4BzhXz 3XxxASRuIsWpFwUXchfSrhsSfRhLc9BOJf0pmgy/3RUTyIz2rsjrAuLsPV9FYLmtOHKP WD1w==
X-Forwarded-Encrypted: i=1; AJvYcCUtvcRnlZMJ3RQYyXhculz4SZd+SqsSZhHc//0jTh4bErOvf6axikKN92EdMeEPAEAwUC6hUxQ7ywytkgZ5
X-Gm-Message-State: AOJu0YxPlbDWiX/AjlLXUddQxfYtB+iuUswfpC2XEZ+ZZ+EPfFfHpj9m Uv4jP7zDQ3dZIITFSmdXHTpGUw9ie5K6qQ9iGrfG9P5ULUQE7exvYBWHavui2K6+ueVpogM8hrL uJP3amanUR1gqGJHB0lYhxNmX0Ok=
X-Google-Smtp-Source: AGHT+IExFrrZ9UKt46J1NxgnBndLJJKGiRKOb8Q5OO8YiP6NYurhIvKE3/bskhQszmZMQiMQhVWD9dpEifgaTQPidn4=
X-Received: by 2002:a05:600c:3b89:b0:41a:b30e:42a3 with SMTP id 5b1f17b1804b1-42108a128f0mr103848365e9.37.1716936081911; Tue, 28 May 2024 15:41:21 -0700 (PDT)
MIME-Version: 1.0
References: <CADi0yUNbiVTe9BaoCFgDaTC06Z1LMAx6q2hJDiWydpy6xFqtRQ@mail.gmail.com> <GV1PR01MB8436B6B6B75DEBC9F1FB30A9D6EA2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUNCkk8Y5dQJH6DjR33cP7KXXrQsmHfA0UDRxjGuoXCaLA@mail.gmail.com> <GV1PR01MB8436DBCC8F5B167B0B44490AD6EA2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUPcyc9oSM4NqWynkWuTPStnD9yqt4XwmAg7c=XjCtik4A@mail.gmail.com> <GV1PR01MB84364908B61E293E46012214D6EB2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUOtSBmCnQMP-MoyzzxF6LZQcrKfo03sN2cNuO6MS74NAg@mail.gmail.com> <GV1PR01MB84361129416DC8B621CAAEDFD6F42@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <y5y4iquyvrao7jtpyc2ycjtz4sg5dbzhrhddz5j6rv3eydyd2o@zy65yreteuoh> <GV1PR01MB8436B919FE24E2E022639155D6F52@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <2dhbnlfzwgllzqc7farahxqkct3zqcoi7wdj7vybivlzzwxrei@e7phsvy5i6ae> <GV1PR01MB843618C88187FE124B1F142ED6F02@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CACsn0c=M5OofNyG8YhO4vYOWwFvZW9yLpwMGMXkkDrXZ=Ty1jw@mail.gmail.com> <GV1PR01MB8436ACA18A87EA7AA8A4EA57D6F02@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CABcZeBP64AC_mSgyU-YyQwCz3bHrbvcqB0xk0TdXampdCtvu6A@mail.gmail.com> <GV1PR01MB8436DDBCAF9F00DDCF34D19BD6F02@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CABcZeBPsVUaSsX-WOV9ow2tTSaZqspzeAoBhxLBBjJAav71C0g@mail.gmail.com> <CADi0yUO5QjyXhkA7S5z7js79OTQWFdwBnhAiSkR7BFC3H+B1oA@mail.gmail.com> <CACitvs_ngWdAmfSDD-EJG=0XVhkOmhhr=tvYQ+KB7bYXwqwEEw@mail.gmail.com> <GV1PR01MB84365706AFEA8749176AEF37D6F12@GV1PR01MB8436.eurprd01.prod.exchangelabs.com>
In-Reply-To: <GV1PR01MB84365706AFEA8749176AEF37D6F12@GV1PR01MB8436.eurprd01.prod.exchangelabs.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 28 May 2024 15:41:10 -0700
Message-ID: <CACsn0cmQ-V1UzgVw=8auXJFULMDZHkReRSYJp=ucp143puMVNQ@mail.gmail.com>
To: "Hao, Feng" <Feng.Hao=40warwick.ac.uk@dmarc.ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: HC4SVCB5KUK6XODKUVJVOVZDTY26ESHZ
X-Message-ID-Hash: HC4SVCB5KUK6XODKUVJVOVZDTY26ESHZ
X-MailFrom: watsonbladd@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Kevin Lewi <lewi.kevin.k@gmail.com>, IRTF CFRG <cfrg@irtf.org>, Hugo Krawczyk <hugo@ee.technion.ac.il>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/sCVzsFPLiozixLvuDbShDdVjXCM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>
On Tue, May 28, 2024, 2:20 PM Hao, Feng <Feng.Hao=40warwick.ac.uk@dmarc.ietf.org> wrote: > > Hi Kevin, > > > > Your description of the issue is accurate. Thanks for doing that. > > > > As you may be aware, any system that follows this default countermeasure will risk causing the Denial of Service attack to its own legitimate users. For most businesses, I’m fairly certain that’s unacceptable. Isn't this a property shared by all PAKE protocols or indeed any password based auth? Sincerely, Watson Ladd
- [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Russ Housley
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stefan Santesson
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 stef
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 stefan marsiske
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Campagna, Matthew
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Watson Ladd
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Watson Ladd
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Christopher Patton
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Christopher Patton
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev