IETF Logo Mail Archive

[Cfrg] Question about Spake2

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Mon, 17 February 2020 14:51 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59BEF12084C for <cfrg@ietfa.amsl.com>; Mon, 17 Feb 2020 06:51:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=UnZhJH5B; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=TZ58OT7m
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yOKKIE6H9OLa for <cfrg@ietfa.amsl.com>; Mon, 17 Feb 2020 06:51:04 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 611CB12004C for <cfrg@irtf.org>; Mon, 17 Feb 2020 06:51:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6849; q=dns/txt; s=iport; t=1581951064; x=1583160664; h=from:to:cc:subject:date:message-id:mime-version; bh=bbsSsmG0XzMNqS3bAULJA0hLzBWlwtEFDX70FnnY2Ig=; b=UnZhJH5BSq4vOF29hrzsHi8q7uLLmOw2FvhwIMGM74iC6Jx6p0TSTwkI M7NeL5+055SZAlo8qbQGKvVTQPA5oDR1PeX4gsAp0wDK8d6IT+sqFLt8G /GkPf5Y9qhfgELGgtBcGpES2RHSpugKNVhj2MIa4o54RQTW/mTNSfAGIX A=;
IronPort-PHdr: 9a23:vOa6Rh8U0se1R/9uRHGN82YQeigqvan1NQcJ650hzqhDabmn44+8ZR7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUERoMiMEYhQslVdWLDVD7NvPwRyc7B89FElRi+iLzPA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CsDgBNp0pe/4QNJK1mHgELHIMgL1AFbFggBAsqCodQA4p5lg+EYYJSA1QJAQEBDAEBLQIEAQGEQAKCAyQ4EwIDDQEBBQEBAQIBBQRthTcMhWkWGxMBATcBEQGBACYBBA4NGoMFgX1NAy4BoHMCgTmIYoIngn8BAQWFHRiCDAmBOIwkGoFBP4FYh1eDQIIslkaKA485CoI6BJZrmxqqGgIEAgQFAg4BAQWBaSKBWHAVgydQGA2OHYNzilN0gSmMZwGBDwEB
X-IronPort-AV: E=Sophos;i="5.70,453,1574121600"; d="scan'208,217";a="723758818"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Feb 2020 14:51:02 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 01HEp2Xd002389 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 17 Feb 2020 14:51:02 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 17 Feb 2020 08:51:01 -0600
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 17 Feb 2020 09:51:00 -0500
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 17 Feb 2020 08:50:59 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vf2Z9GISkI8ty4H2YI+hZQsjXjQd4ZNFqTNWF2qfn3wVdvWGGk+t5ZjvwJKHQxnVCqj/PDNMPfzijENr+LKoeYy3/icIO59o9I+lG+Byp5877mzPll0BJWAto5678/AeLrfK6h/d5YgMHDeelAfzs8AysTEAQMwGIfubHLC2nZ3UAtOE3Q+MvrCqX9GtLjIvKd9xDdK2TUFiG0CxpEzrmbF9oYJerr/vXoGQwjJimG1zU6vkYgGjSLM+0T4mFte2fMbHCNkCw7we33nfCRdC3WGP8tUtTuLf80Oc+dL9/kmNb49euw2ekAkuw8V76kYMDcXzuYu+QoBdpYRieq695Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0M7i6tjZeSsYfugzqNq8HozN30ON0JH5Y1hiNywcgRQ=; b=J0JBg+hiN6UtRzO9w7pznwefcNU8ZGDat0Whm/P8EHYXT7WbCzqw+ms/O9lBK02jVQDK+gIpjiyphQyB1+cIW74JEjH15sPSw6rCWSMnB+90xJDzEQ7lDJeFoKdHqsCHdoWaxUK9JE1+hjxfbrVpp7FNBwNNeqf7HFJNAUn9RxrcTYYhJtAZREeHfc59XfDagAEVDDI4R6x7HNFyqF4UiIF1QVTRxKNJvFoT3L4I+LWq88JIgwqG+QaMs9IcwJeVO83E/S71VACPBekMZzoovJaITJHlWDLbF900PyILgTJ/MomknCMCVANSr97fmw6DkmewZBoHtJIBUhiaJlO1ag==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0M7i6tjZeSsYfugzqNq8HozN30ON0JH5Y1hiNywcgRQ=; b=TZ58OT7mjLks93MO52naUeNS/9N26f1ZptwZURK1QF31EHdkhxdsvWyprltt9DP/n5bmsp/wckCfA6vl3ca4iKndrl2NJpDPVAEJhFOO3vKjby3nPuvOZ+ngF2di2fgB0QtcfoFamHSqJs4MQDri8sJ+2ORpQ9pbiYyjkxA8KmU=
Received: from MN2PR11MB3936.namprd11.prod.outlook.com (10.255.180.15) by MN2PR11MB3645.namprd11.prod.outlook.com (20.178.254.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.23; Mon, 17 Feb 2020 14:50:59 +0000
Received: from MN2PR11MB3936.namprd11.prod.outlook.com ([fe80::71a0:2f72:8146:9d8]) by MN2PR11MB3936.namprd11.prod.outlook.com ([fe80::71a0:2f72:8146:9d8%6]) with mapi id 15.20.2729.032; Mon, 17 Feb 2020 14:50:59 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Watson Ladd <watsonbladd@gmail.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: Question about Spake2
Thread-Index: AdXln1O6QRkSk0WrQTiloVKlcp3BEQ==
Date: Mon, 17 Feb 2020 14:50:58 +0000
Message-ID: <MN2PR11MB3936C825176FB68138A7B2CEC1160@MN2PR11MB3936.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=sfluhrer@cisco.com;
x-originating-ip: [173.38.117.78]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6e7c5839-cbad-401a-708c-08d7b3b8cd03
x-ms-traffictypediagnostic: MN2PR11MB3645:
x-microsoft-antispam-prvs: <MN2PR11MB3645AA439587178D97C3B171C1160@MN2PR11MB3645.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0316567485
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(396003)(366004)(39860400002)(136003)(189003)(199004)(81156014)(81166006)(2906002)(9686003)(478600001)(52536014)(6916009)(8676002)(7116003)(71200400001)(4326008)(86362001)(26005)(6506007)(55016002)(66556008)(64756008)(66446008)(66476007)(5660300002)(76116006)(7696005)(66946007)(186003)(8936002)(33656002)(316002)(4744005); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3645; H:MN2PR11MB3936.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: eEN1nr0L7dCKy+rNWueHKyU+WUCjXrMGWUEkOZTMEMrvQ8vNCZfbGW4UKVc3fE6fDXSBGElQaDI4C0gBk8iqa2Y7C89Ihv+saK4N5ZYPdWi5IUNqueOFuiwyFxR11aug2rNOM5xps7vWaAMc6B/C0BTZ5VqYzSnI0w+Oye4XNVF8maz3w7+dhL8hWkkOrxrfxJR/L8zgGKmKhblK8kEZLyFRk9OITDR8odt6Fh3VDOD2YsHkf9jmXZahjadUQHP5Hptf07JSTlnvcedAWy1DeTHdwaL9PCcBU4ohIDbnj+8WAmpbbtXtDwyCLmVvGFD8AYWmS3KoLWQ9xMmeB5+y+4dDCp3t0VqdoI0gnjkw9Vx3d3buGoQQ6ppYgulxbJz3M5GkQ1th0/tYS5LVnBsxo2oyi2bSiudpQuYKpfTZ1l8T5jtoOsjo+wdGVbR1fKQo
x-ms-exchange-antispam-messagedata: qaieLPem/MxlMXsaHAUtPdFxUneXtVhFOoC1pIGt7ZEk79GACq+umqHN5ke+lxkvrc41NhiJdqOMtu5CAyo03cGTmmbPKpoOq0UiArfw6y5JDd+7res1RRZlyR2gW0Eh+ROuoq52Fzsv17GYteUG+g==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB3936C825176FB68138A7B2CEC1160MN2PR11MB3936namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6e7c5839-cbad-401a-708c-08d7b3b8cd03
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Feb 2020 14:50:58.9504 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: lqtRw4aMTxhtQKoJHolOqxbeKX46Stst+fiyEZy4nP+DHw5W2aU5S600/JosAaO4DTFJPnXFeQutNm2zQZYLxw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3645
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.14, xch-aln-004.cisco.com
X-Outbound-Node: alln-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/xhb8yq4f73mxsntRfvgd2MiPks4>
Subject: [Cfrg] Question about Spake2
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2020 14:51:07 -0000

In your answer to Question 1 of the Round 2 questions, you stated:

The next version will include an option to have M and N based on party
identities, ensuring that an attacker with the ability to solve a
discrete logarithm problem can only compromise a single session per
discrete logarithm computed.

The current draft of Spake2 (draft-irtf-cfrg-spake2-09) does not include this option.  Will there be a version of the draft that would include this option that we could review?

BTW: my personal opinion is that this shouldn't be an option, instead it should be mandatory.  An option means that it is selectable by the protocol, and I distrust forcing the protocol designers to make decisions with security implications that they might not fully understand.

v2.23.0 | Report a Bug | By Email