Re: [Crypto-panel] Fwd: [Cfrg] Adoption call for draft-harkins-pkex-05
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 05 August 2018 20:44 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4B47130E2E for <crypto-panel@ietfa.amsl.com>; Sun, 5 Aug 2018 13:44:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wx6cSEdVhQRu for <crypto-panel@ietfa.amsl.com>; Sun, 5 Aug 2018 13:44:14 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAE3E130DC5 for <crypto-panel@irtf.org>; Sun, 5 Aug 2018 13:44:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 94F24BE2E; Sun, 5 Aug 2018 21:44:11 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lildTwowk_x8; Sun, 5 Aug 2018 21:44:04 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8C056BE24; Sun, 5 Aug 2018 21:44:04 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1533501844; bh=I6N1AWMC5PTB+Hy2Bam9XX7c1ONbRpMvS2z5nWfWTRk=; h=To:References:From:Subject:Date:In-Reply-To:From; b=Ae6ZE3Boxf3NM8lDXZpEdrXqP4c4UCO7sjKyIQlJCL9yIDUC4JY8mKkxHZtAJIbl5 ynW7Gg99LHwKM/jsyeTBRBlfZ9e2ZCrWk71ShhiK9n3+W5XWGEYw4N5ZVuNJD8i9cA 1yJR+gPOW9gItV5GWN6jm6baRmKRu/3mzpJnzwEs=
To: Alexey Melnikov <alexey.melnikov@isode.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>
References: <5ACA0006.4020809@isode.com> <81b1e125-d386-a42f-f471-5aad378a6123@isode.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= xsFNBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABzTJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsLBgAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxM7BTQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAcLBZQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <91063cc5-b392-d807-afa3-278d2baeda71@cs.tcd.ie>
Date: Sun, 05 Aug 2018 21:44:03 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <81b1e125-d386-a42f-f471-5aad378a6123@isode.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="UlOgxx0oo6AzdtRVJGZ4uR84DU1AZuQTi"
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/hWYZjhoABn-4DtAOSChsCE-graE>
Subject: Re: [Crypto-panel] Fwd: [Cfrg] Adoption call for draft-harkins-pkex-05
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Aug 2018 20:44:19 -0000
Hiya, On 05/08/18 14:34, Alexey Melnikov wrote: > Dear Crypto Panel members, > > Does anybody else wants to weigh in on whether this draft should be > taken as a new work item by CFRG. (If you already replied on the CFRG > mailing list, you don't need to state your opinion again.) I just re-scanned the mails to the list on this going back to 2016. I also flicked through the draft. 1. I'm not a fan of PAKEs in general, they generally seem to be solutions looking for problems. And there are so many of 'em and so many variations they cause, like this protocol! I do recognise though that CFRG seems to have reached consensus that PAKEs are worth spending time on. (So, I'm in the rough there.) That said, I also think CFRG's best work is done when there's a need for the output(s) concerned, and I'm not clear that that applies in this case (or with PAKEs generally;-). 2. Section 3 says: "Due to the nature of the exchange, only DSA ([DSS]) and ECDSA ([X9.62]) keys can be exchanged with PKEX." I think that's a showstopper, as deployments of this protocol would need to be replaced if use of DSA/ECDSA wasn't desired. If that restriction can't be removed, then I don't think this ought be adopted. 3. As to the lack of proofs, I don't think that ought be a problem at this stage, if the RG adopt the work on condition that it not be published as an RFC until relevant proofs are available. I do think that requiring (relevant) proofs be available for CFRG primitives seems like a reasonable ask, but I guess the RG would need to be asked about that as a general question. (All that said, the main author is well used to fighting and winning the long fight, so adoption in this case will likely mean the eventual publication of an RFC, no matter what conditions are imposed.) Mostly because of #2, (but admitting my #1 bias:-), I'm against adopting this. I'd be fine with sending this mail to the list if that's useful, but it might not be useful, given that it could start two hard-to-resolve debates. If the issues related to #1 (real need), #2 (mechanisms with limited agility) and #3 (need for proofs to go with novel mechanisms) were put to the RG, and if you got consensus one way or another as to the direction(s) folks want to take, that might be useful in resolving questions like these. (In case it helps, and in case it's not clear:-) My take on those would be 1: a real need is needed, 2: in general, say no to mechanisms that are tightly bound to specific algs, lastly, 3: yes, for novel mechanisms, require relevant proofs unless there's a good argument that that's not needed. Cheers, S. PS: As a nit, the title seems fairly misleading to me. > > Thank you, > Alexey > > -------- Forwarded Message -------- > Subject: [Cfrg] Adoption call for draft-harkins-pkex-05 > Date: Sun, 8 Apr 2018 12:41:58 +0100 > From: Alexey Melnikov <alexey.melnikov@isode.com> > To: cfrg@irtf.org <cfrg@irtf.org> > > Dear CFRG participants, > This message is starting a 2 weeks adoption call for > draft-harkins-pkex-05 (Public Key Exchange). From the document's > Introduction: > > [RFC7250] further states that "the main security challenge [to using > 'raw' public keys] is how to associate the public key with a specific > entity. Without a secure binding between identifier and key, the > protocol will be vulnerable to man-in-the- middle attacks." > > The Public Key Exchange (PKEX) is designed to fill that gap: it > establishes a secure binding between exchanged public keys and > identifiers, it provides proof-of-possession of the exchanged public > keys to each peer, and it enables the establishment of trust in > public keys that can subsequently be used to facilitate > authentication in other authentication and key exchange protocols. > At the end of a successful run of PKEX the two peers will have trust > in each others exchanged public keys and also share an authenticated > symmetric key which may be discarded or used for another purpose. > > The adoption call will last for 2 weeks and will end on April 22nd. > > Thank you, > Kenny and Alexey > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg > > _______________________________________________ > Crypto-panel mailing list > Crypto-panel@irtf.org > https://www.irtf.org/mailman/listinfo/crypto-panel >
- [Crypto-panel] Fwd: [Cfrg] Adoption call for draf… Alexey Melnikov
- Re: [Crypto-panel] Fwd: [Cfrg] Adoption call for … Yaron Sheffer
- Re: [Crypto-panel] Fwd: [Cfrg] Adoption call for … Stephen Farrell