Re: [Cfrg] Suggestion for open competition on PAKE -> Was Re: Dragonfly has advantages

Feng Hao <feng.hao@newcastle.ac.uk> Sat, 04 January 2014 18:44 UTC

Return-Path: <feng.hao@newcastle.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64E541AE08A for <cfrg@ietfa.amsl.com>; Sat, 4 Jan 2014 10:44:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YgOZRpNHgA3D for <cfrg@ietfa.amsl.com>; Sat, 4 Jan 2014 10:44:39 -0800 (PST)
Received: from cheviot22.ncl.ac.uk (cheviot22.ncl.ac.uk [128.240.234.22]) by ietfa.amsl.com (Postfix) with ESMTP id 077401AE051 for <cfrg@irtf.org>; Sat, 4 Jan 2014 10:44:38 -0800 (PST)
Received: from exhubvm01.ncl.ac.uk ([128.240.234.5] helo=EXHUBVM01.campus.ncl.ac.uk) by cheviot22.ncl.ac.uk with esmtp (Exim 4.63) (envelope-from <feng.hao@newcastle.ac.uk>) id 1VzWD0-00072L-Df; Sat, 04 Jan 2014 18:44:30 +0000
Received: from EXMBDB02.campus.ncl.ac.uk ([fe80::c039:e17:9d60:9f3]) by EXHUBVM01.campus.ncl.ac.uk ([2002:80f0:ea05::80f0:ea05]) with mapi id 14.03.0158.001; Sat, 4 Jan 2014 18:43:20 +0000
From: Feng Hao <feng.hao@newcastle.ac.uk>
To: David McGrew <mcgrew@cisco.com>
Thread-Topic: Suggestion for open competition on PAKE -> Was Re: [Cfrg] Dragonfly has advantages
Thread-Index: AQHPCWD7uc8g4tkQ/kavqKMss/3tVpp0xQUAgAAh5AA=
Date: Sat, 4 Jan 2014 18:43:20 +0000
Message-ID: <CEEDFACE.22CE5%feng.hao@newcastle.ac.uk>
In-Reply-To: <52C839D8.6010504@cisco.com>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.10.0.110310
x-originating-ip: [10.4.160.7]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3F261197E4FCC444A8F0138B80C904D6@fangorn.ncl.ac.uk>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Suggestion for open competition on PAKE -> Was Re: Dragonfly has advantages
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jan 2014 18:44:41 -0000

Hi David,

On 04/01/2014 16:42, "David McGrew" <mcgrew@cisco.com> wrote:

>Hi Feng,
>
>thanks for your suggestion and comments.   A quick response to your
>suggestion:
>
>On 01/04/2014 10:23 AM, Feng Hao wrote:
>>
>> It will be very helpful to have an open competition among the
>>contemporary
>> PAKEs to choose those that are secure, efficient and patent/loyal-free.
>> That should include both balanced and augmented PAKEs to suit for
>> different application requirements.
>>
>> It will be timely and nice if IETF/CFRG can help coordinate such.
>>
>
>It would be a good idea for the RG to author an RFC describing the
>requirements of PAKE protocols and surveying the existing protocols.
>The RFC could also record the consensus of the RG, if there is one, and
>describe the diversity of opinion otherwise. This is not quite the same
>as a competition, but it would fit easily into the IRTF process.   I
>would expect that there would be multiple authors, probably including
>multiple PAKE protocol authors.   We should also line up some reviewers
>as well.  What do you think?

I think that's an excellent idea. I expect the most difficult part would
be to kick-start the process, so if it can easily fit into the IRTF
process, that will help. In the end, I think some form of competition
between existing PAKEs would be unavoidable, but if we keep the process
open and transparent, the competition should be healthy and beneficial to
everyone. 

>
>As a side note, I personally would also like to see
>guidance/documentation on how PAKEs can best be used, and I agree with
>your comment about bootstrapping authentication.  Replacing a raw
>username/password exchange inside of TLS with a PAKE would be good, and
>using a PAKE for password-based certificate enrollment would be good.
>Replacing certificate based authentication with a PAKE would be not so
>good.

Password-based AKE and PKI-based AKE (e.g., TLS/SSL) are two different
types of key exchange protocols. The former is not meant to replace the
latter, but the two can complement each other.

For the same reason, a balanced PAKE and an augmented PAKE are two types
of PAKEs. They can co-exist as well, suitable for different applications.

I think providing a suite of different types of "secure and efficient" key
agreement protocols is important, so people will have a choice to decide
which one suits their needs.

>
>David