IETF Logo Mail Archive

Re: [Crypto-panel] Fwd: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-12.txt

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Mon, 17 August 2020 11:49 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05CFC3A14D2 for <crypto-panel@ietfa.amsl.com>; Mon, 17 Aug 2020 04:49:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.596
X-Spam-Level:
X-Spam-Status: No, score=-9.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=c1GyOJbw; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=SUU5gqaU
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Mg4Dg24E8Nv for <crypto-panel@ietfa.amsl.com>; Mon, 17 Aug 2020 04:49:41 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36A843A14D8 for <crypto-panel@irtf.org>; Mon, 17 Aug 2020 04:49:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20322; q=dns/txt; s=iport; t=1597664981; x=1598874581; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=+n6EqL1GZdPslbUH/rICHWPhHUnRBwB/VjJ2pax0Vs0=; b=c1GyOJbw5qq10/7R+Wryq4e2gqMYZjenHF7aPeoiIzx4+jd2VkCisQ6Q ZydokhIKkPCTDDZtQ30O6Bb9SwQQMgR/qhlHhsfe9MEVKD1IxHXTUN9Lt hTB1BqYeArXHeCca+HLv9syPqXR1rghzopw6/TttZzbEtaQXezbryMEkJ g=;
IronPort-PHdr: 9a23:nIwJPRNz8ISnppPf8Mwl6mtXPHoupqn0MwgJ65Eul7NJdOG58o//OFDEvKwx3lDMVITfrflDjrmev6PhXDkG5pCM+DAHfYdXXhAIwcMRg0Q7AcGDBEG6SZyibyEzEMlYElMw+Xa9PBtaHc//YxvZpXjhpTIXEw/0YAxyIOm9E4XOjsOxgua1/ZCbYwhBiDenJ71oKxDjpgTKvc5Qioxneas=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AgBABXbjpf/5pdJa1fHAEBAQEBAQcBARIBAQQEAQGBeQQBAQsBgSIvKSgHcFgvLAqELYNGA41bigiJdIRtgUKBEQNVCwEBAQwBARgBCgoCBAEBhAhEAheCNAIYDDcGDgIDAQELAQEFAQEBAgEGBG2FXAyFcQEBAQECAQEBEBEKEwEBIwYDCwEECwIBBgIRBAEBARUDDwMCAgIfBgsUCQgCBAENBQgagwWBfk0DDiABDpMSkGgCgTmIYXaBMoMBAQEFgTcCDkGDJg0Lgg4JgTgBgnCDYIEChAclgR4bgUE/gRFDgk0+ghpCAQECAQEVfw08FRYJCAEQgkgzgi2PaIMbhmGbflEKgmKIY4w+hSCDAIEjiDmEFY8wkjmKQ4JlkhcCBAIEBQIOAQEFgUApJIFXcBUaIYJpCUcXAg2OH4ElAQiCQ4UUhUJ0NwIGAQkBAQMJfI4MgQ8BgRABAQ
X-IronPort-AV: E=Sophos;i="5.76,322,1592870400"; d="scan'208,217";a="812953308"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Aug 2020 11:49:39 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 07HBndGw027969 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 17 Aug 2020 11:49:39 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 17 Aug 2020 06:49:39 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 17 Aug 2020 07:49:38 -0400
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 17 Aug 2020 06:49:38 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PGrijSZuvZ4ebmTsE8xLOJx+Aq+3MIVJ3zT1Gm8AYPcQyxTqGoSG7N3hoPQhmU7eOnKfYMhPQk/KuUH6Xi7midaU1a2tWJaQkzyN3Se5+rK4kzGV+s+Vtv3knlhHerOzDgMteK/wbJJDZbXcWr8Y6i689Dxek1k5sU07lwdkifiPyxSUyyyW8ZszMkUOtgpJkWjnE5zD21SZXD4s8DXmFwg1VFNSyKDllkzmI482JPACgBJqi6cow2VFLJaY4s64AMzrNa+97zIMg3jpcR+w84vgEdy1n3W9y8+noT2gPj2zgv/N5G9WmJDafKAF3LYtpEu1DLKdQKaM3zuisg2wyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+n6EqL1GZdPslbUH/rICHWPhHUnRBwB/VjJ2pax0Vs0=; b=gK8nDOCrTybCDLeq0JY8K0zBPUDUyDUczTGLGQVGqFo4YPB/nG330QV3rO+vMSOSKhCQ4TB9iuZN8EmRh7I0FlYYNOBglvtatUupvdl+aJsCPIqmHESix7c7VMD8RnjhT8DRLtk5Z0hVCdhVIjDA6rGXRzNGobzK/DrA0FjRNE+TMxg3B1ArpN/TLs4EDtEobUenU922FgMVqlbfbtj4sk0nU6VZJjrg2ZsH9moqeXfRl7NZcsQ5wD33BilZQeRyUvnT5AlUkfztyeHdmOjy7+oiiBS/0VgdXSgagysXPdYf2P7+5+V6eGXgTh64T0TeCVfG7EcY7rTwnWAmWK0XwQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+n6EqL1GZdPslbUH/rICHWPhHUnRBwB/VjJ2pax0Vs0=; b=SUU5gqaUhiab8xk6W7IBxL6FByQLntwtUJD+8Nw4ulq2tE+s9QIFPNvHXRxX3iob6IP9fUpln3jZ3t2Yc5QN3ar2eesyoCD1zxC9LkQgxfvsl6teYfZ4aNsQtm0BLHtk5sP8w4wVk+C08idX9KO1cxEQIXvN34z3hEmpODvmW3c=
Received: from BN7PR11MB2641.namprd11.prod.outlook.com (2603:10b6:406:b1::25) by BN6PR11MB1393.namprd11.prod.outlook.com (2603:10b6:404:3c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.24; Mon, 17 Aug 2020 11:49:35 +0000
Received: from BN7PR11MB2641.namprd11.prod.outlook.com ([fe80::5018:edeb:b77d:4d65]) by BN7PR11MB2641.namprd11.prod.outlook.com ([fe80::5018:edeb:b77d:4d65%3]) with mapi id 15.20.3283.027; Mon, 17 Aug 2020 11:49:35 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>, Russ Housley <housley@vigilsec.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>
CC: Alexey Melnikov <alexey.melnikov@isode.com>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Thread-Topic: [Crypto-panel] Fwd: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-12.txt
Thread-Index: AQHWb1SYKtI8ksbQ50W91tFoL2ieSqkxyx+AgAE1sgCAAB2ygIAAAQAAgAAEEACACOHPgIAANM5g
Date: Mon, 17 Aug 2020 11:49:35 +0000
Message-ID: <BN7PR11MB26415022F5F2FB219554DC6DC15F0@BN7PR11MB2641.namprd11.prod.outlook.com>
References: <159709115024.10897.5395496576031260366@ietfa.amsl.com> <CACsn0cmX=DWCP5gpmPbzS=UjXfkBP9ObNpmEXPddsZJHbbhC-g@mail.gmail.com> <CAMr0u6k0f52E0i0ds9gR-xJ=M69RCV1vcYZJXi4Ycyc8QtBV3w@mail.gmail.com> <A0F53C47-3D85-4070-8ED4-A86E50899D13@vigilsec.com> <5f6565e7-49cb-32c4-1873-bac014cee965@isode.com> <80792d11-5400-1c79-ac60-d28d2ae803f0@isode.com> <CAMr0u6=Qokwbe6uUPQbBk3ZO4yUzm+UJT6uUPdjaK20tR837cQ@mail.gmail.com>
In-Reply-To: <CAMr0u6=Qokwbe6uUPQbBk3ZO4yUzm+UJT6uUPdjaK20tR837cQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.117.78]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8cd68df8-85d2-4e83-6218-08d842a39cee
x-ms-traffictypediagnostic: BN6PR11MB1393:
x-microsoft-antispam-prvs: <BN6PR11MB1393A362A4C776D6DB375F7BC15F0@BN6PR11MB1393.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: F0PcMKG0vpNBsG27zyYUashJh5Xv188ebyKfB7WV4sXgdcL+adGo1jHu5jCzz2Gd9xPVtqP6tSxq2pTd4ikwlabKpmWe32A6YAP+n5soSdfm1TKEK4NS+OXEzpwat9syonpYJ6ZJhwuoBdI8C9pe2oROXvJ0PRqSGUecMGxc/jxS3sS/SPbzciPIIcwng6YPlALjeIoSZvl/qloLuzptqfnNRGx40oIk7D6lqOwF3cKu4ZLrvlg52JW2rsan9wMRt9PJTvEX9X922JjInrEpAa4EWDAsrimfESUDnJPgVbyMdz1pcvYGNF2x0ORq7aEsPsZnDgcwuW4UUP6pR+X8nluHIidSQ0wVg4B+qFpGtEF6jxaNzlx7lrpuTE1qdmhgs16MoB83QxUkwFx48+07CA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN7PR11MB2641.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(346002)(136003)(39860400002)(396003)(76116006)(2906002)(33656002)(66574015)(5660300002)(66476007)(66556008)(4326008)(83380400001)(52536014)(64756008)(66446008)(66946007)(86362001)(71200400001)(6506007)(53546011)(110136005)(7696005)(55016002)(166002)(186003)(26005)(9686003)(54906003)(966005)(8936002)(478600001)(8676002)(316002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: LEwMjzHQ6Sm60IdPkn0qfFIcdfi4JkLntsnRFgTqS8LRiXMu0zWm8leYKpQa19aaBYfoDYn12O78wsxXYrrYFObAfjcJZUGnF29VX6rMVqJQZgvX2tL8Rv2BfvsOExSNk367Fr9w3EyBWpoaUibNBUzHWyXgFv6roLfWsnUwfsC6GXd/54PbgeyafBBZnuHMtetM9G7Jn/MMs5a3yV1dYwJ8JfVvCdQMvkKBgoa9bS8gKnVHzFe9F4yqd+oRXRpjYqbYqrXYXJSkzMKnm1hqDoZ43yhg6dmdgE1Ki1fOuweoTbcGcfQFEjWFY9T3OetKR8ncDrNklIBv186WnHEOQ5trYnLFQuc6Fc/xM6CtuEKRYiQsAse6wLyOvfEVaWvHmyGIODHcoUPMS6uMLOtqtj3hv74pR+9sHYHOh+nINagQkUWumnVuLFN21IdNhHjSESIWqiwsRd5kFS/5KdRLiMJmPmQw8BJZcMHixeZAB4uyPJRcLLgsRfDRL07v6yQOc/KZEwaPf0KsznUrdm/bB9LYYI4o6MJoel+tusNtBieXgdOBtK+Um7OMY7pEPcQFhvreuHBsUQP9T7fBu42hecvB4eBSS/BVwmop9/Ziovp130zPalYvN9pd337A3Hai186klW5x6C33jEInwyQqfg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BN7PR11MB26415022F5F2FB219554DC6DC15F0BN7PR11MB2641namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN7PR11MB2641.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8cd68df8-85d2-4e83-6218-08d842a39cee
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Aug 2020 11:49:35.1996 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 66idtCpzYz7aSoElnZhhuXEKkdl6HDUY+0E2hD7FVNlEbtkvMQH4nV1IohJq6AiEM5mu7QKTI3D+5VB87hiUmA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1393
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/4qZLWumRF0ffERmXrh6TBwaU0tA>
Subject: Re: [Crypto-panel] Fwd: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-12.txt
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2020 11:49:45 -0000

I’ll take a quick look at it.

From: Crypto-panel <crypto-panel-bounces@irtf.org> On Behalf Of Stanislav V. Smyshlyaev
Sent: Monday, August 17, 2020 4:40 AM
To: Russ Housley <housley@vigilsec.com>; crypto-panel@irtf.org
Cc: Alexey Melnikov <alexey.melnikov@isode.com>; cfrg-chairs@ietf.org
Subject: Re: [Crypto-panel] Fwd: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-12.txt

Dear Russ, dear Crypto Panel experts,

Any volunteers for a quick review of the updated version of the SPAKE2 draft (before commencing a RGLC)?

Regards,
Stanislav

On Tue, 11 Aug 2020 at 20:02, Alexey Melnikov <alexey.melnikov@isode.com<mailto:alexey.melnikov@isode.com>> wrote:

On 11/08/2020 17:47, Alexey Melnikov wrote:

Hi Russ,
On 11/08/2020 17:43, Russ Housley wrote:
> We recommend the following two protocols to be selected as «recommended by the CFRG for usage in IETF protocols»: one balanced PAKE - CPace, and one augmented PAKE - OPAQUE.

What was the point of the selection process if we are going to publish the ones that were not selected too?

It is needed by Kitten WG for one of Kerberos documents. The idea is to publish it with a disclaimer that it predated PAKE selection process and was not selected as one of the finalists.
To clarify: we don't intend to publish any other PAKE candidates that weren't finalists.


Best Regards,

Alexey

Russ




On Aug 11, 2020, at 10:57 AM, Stanislav V. Smyshlyaev <smyshsv@gmail.com<mailto:smyshsv@gmail.com>> wrote:

Dear Crypto Panel experts,

Could someone please take a quick look at the updated version (taking into account the reviews made during the PAKE selection process)?

Regards,
Stanislav (on behalf of CFRG chairs)

---------- Пересылаемое сообщение ---------
От: Watson Ladd <watsonbladd@gmail.com<mailto:watsonbladd@gmail.com>>
Дата: пн, 10 авг. 2020 г. в 23:29
Тема: Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-12.txt
Кому: <cfrg@ietf.org<mailto:cfrg@ietf.org>>


This fixes the comment on missing identities received during the PAKE
competition which was the only one I found.

I think it's ready for RGLC.

On Mon, Aug 10, 2020 at 4:27 PM <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Crypto Forum RG of the IRTF.
>
>         Title           : SPAKE2, a PAKE
>         Authors         : Watson Ladd
>                           Benjamin Kaduk
>         Filename        : draft-irtf-cfrg-spake2-12.txt
>         Pages           : 16
>         Date            : 2020-08-10
>
> Abstract:
>    This document describes SPAKE2 which is a protocol for two parties
>    that share a password to derive a strong shared key with no risk of
>    disclosing the password.  This method is compatible with any group,
>    is computationally efficient, and SPAKE2 has a security proof.  This
>    document predated the CFRG PAKE competition and it was not selected.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-irtf-cfrg-spake2/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-irtf-cfrg-spake2-12
> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-spake2-12
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-spake2-12
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org/>.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org<mailto:Cfrg@irtf.org>
> https://www.irtf.org/mailman/listinfo/cfrg



--
"Man is born free, but everywhere he is in chains".
--Rousseau.

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org<mailto:Cfrg@irtf.org>
https://www.irtf.org/mailman/listinfo/cfrg
_______________________________________________
Crypto-panel mailing list
Crypto-panel@irtf.org<mailto:Crypto-panel@irtf.org>
https://www.irtf.org/mailman/listinfo/crypto-panel

v2.23.0 | Report a Bug | By Email