Re: [Cfrg] Suggestion for open competition on PAKE -> Was Re: Dragonfly has advantages

Feng Hao <> Sat, 04 January 2014 18:44 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 64E541AE08A for <>; Sat, 4 Jan 2014 10:44:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YgOZRpNHgA3D for <>; Sat, 4 Jan 2014 10:44:39 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 077401AE051 for <>; Sat, 4 Jan 2014 10:44:38 -0800 (PST)
Received: from ([] by with esmtp (Exim 4.63) (envelope-from <>) id 1VzWD0-00072L-Df; Sat, 04 Jan 2014 18:44:30 +0000
Received: from ([fe80::c039:e17:9d60:9f3]) by ([2002:80f0:ea05::80f0:ea05]) with mapi id 14.03.0158.001; Sat, 4 Jan 2014 18:43:20 +0000
From: Feng Hao <>
To: David McGrew <>
Thread-Topic: Suggestion for open competition on PAKE -> Was Re: [Cfrg] Dragonfly has advantages
Thread-Index: AQHPCWD7uc8g4tkQ/kavqKMss/3tVpp0xQUAgAAh5AA=
Date: Sat, 4 Jan 2014 18:43:20 +0000
Message-ID: <>
In-Reply-To: <>
Accept-Language: en-US, en-GB
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>
Subject: Re: [Cfrg] Suggestion for open competition on PAKE -> Was Re: Dragonfly has advantages
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 04 Jan 2014 18:44:41 -0000

Hi David,

On 04/01/2014 16:42, "David McGrew" <> wrote:

>Hi Feng,
>thanks for your suggestion and comments.   A quick response to your
>On 01/04/2014 10:23 AM, Feng Hao wrote:
>> It will be very helpful to have an open competition among the
>> PAKEs to choose those that are secure, efficient and patent/loyal-free.
>> That should include both balanced and augmented PAKEs to suit for
>> different application requirements.
>> It will be timely and nice if IETF/CFRG can help coordinate such.
>It would be a good idea for the RG to author an RFC describing the
>requirements of PAKE protocols and surveying the existing protocols.
>The RFC could also record the consensus of the RG, if there is one, and
>describe the diversity of opinion otherwise. This is not quite the same
>as a competition, but it would fit easily into the IRTF process.   I
>would expect that there would be multiple authors, probably including
>multiple PAKE protocol authors.   We should also line up some reviewers
>as well.  What do you think?

I think that's an excellent idea. I expect the most difficult part would
be to kick-start the process, so if it can easily fit into the IRTF
process, that will help. In the end, I think some form of competition
between existing PAKEs would be unavoidable, but if we keep the process
open and transparent, the competition should be healthy and beneficial to

>As a side note, I personally would also like to see
>guidance/documentation on how PAKEs can best be used, and I agree with
>your comment about bootstrapping authentication.  Replacing a raw
>username/password exchange inside of TLS with a PAKE would be good, and
>using a PAKE for password-based certificate enrollment would be good.
>Replacing certificate based authentication with a PAKE would be not so

Password-based AKE and PKI-based AKE (e.g., TLS/SSL) are two different
types of key exchange protocols. The former is not meant to replace the
latter, but the two can complement each other.

For the same reason, a balanced PAKE and an augmented PAKE are two types
of PAKEs. They can co-exist as well, suitable for different applications.

I think providing a suite of different types of "secure and efficient" key
agreement protocols is important, so people will have a choice to decide
which one suits their needs.