Re: [Curdle] AD Review of draft-ietf-curdle-gss-keyex-sha2-05

Simo Sorce <ssorce@redhat.com> Wed, 30 May 2018 14:24 UTC

Message-ID: <1527690292.25240.46.camel@redhat.com>
From: Simo Sorce <ssorce@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Hubert Kario <hkario@redhat.com>, curdle <curdle@ietf.org>
Date: Wed, 30 May 2018 10:24:52 -0400
In-Reply-To: <CABcZeBNq3kDq5=0K4ov1yOCEAX8sqPHfYZDsNz1V6dn+WPBb0g@mail.gmail.com>
References: <CABcZeBNCUSpGihHz6bPBSALS4-34Tm7W36BCZ_Ev8OQz3KtVag@mail.gmail.com> <1526923646.10011.43.camel@redhat.com> <CABcZeBO9fhkjcfqomnmyY8YJw93u9t7B=QC05aDGBwGgAOpd_w@mail.gmail.com> <34725207.E0R9U7BB6Z@pintsize.usersys.redhat.com> <1527683712.25240.42.camel@redhat.com> <CABcZeBNq3kDq5=0K4ov1yOCEAX8sqPHfYZDsNz1V6dn+WPBb0g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/vaHENslR0tyd1gAxid6Y6Pq-eaU>
Subject: Re: [Curdle] AD Review of draft-ietf-curdle-gss-keyex-sha2-05
Precedence: list

On Wed, 2018-05-30 at 06:24 -0700, Eric Rescorla wrote:
> Sure. I was thinking something like this
> 
> 5.1.
> 5.1.1. Generic Procedures
> - Generating a DH ephemeral
> - Verifying the peer's ephemeral
> - Computing the shared key
> - Verifying the output
> - Computing the key hash and MIC
> 
> 5.1.2. GSS Key Exchange Steps
> Client calls GSS_Init_sec_context()... [5.1.1 step 2]
> Server verifies Q_C and calls GSS_Accept_sec_context [5.1.1, step 4]
> Server generates ephemeral and computes the shared key [reduced 5.1.1 step
> 5]
> Server call to GSS_Accept_sec_context [5.1.1 step 6]
> Client verifies Q_S and computes the shared key [5.1.1 step 7++]
> Client calls GSS_VErifyMIC [5.1.1. step 8]
> 
> It's hard for me to see if you caught everything else. If you want to
> submit a new draft, I can take a look, either before or after this
> change.

Ok, I guess will try to get the change above in first; to cut on draft
churn.
in the meanwhile if you want to see the current text we are working on
it is available here[1], with commit history (so you can diff [2] for
the previous draft [3] if you wish).

Simo.

[1] https://github.com/simo5/ietf/blob/master/draft-ietf-curdle-gss-key
ex-sha2.xml
[2] https://github.com/simo5/ietf/compare/cbb10832e376e3abab3164f9bb7d2
e759c2bea0b...6057b9920920640f8f193160d00150890adc222b
[3] https://github.com/simo5/ietf/blob/cbb10832e376e3abab3164f9bb7d2e75
9c2bea0b/draft-ietf-curdle-gss-keyex-sha2.xml 

> -Ekr
> 
> 
> 
> 
> 
> 
> On Wed, May 30, 2018 at 5:35 AM, Simo Sorce <ssorce@redhat.com> wrote:
> 
> > On Wed, 2018-05-30 at 12:25 +0200, Hubert Kario wrote:
> > > On Tuesday, 29 May 2018 21:27:34 CEST Eric Rescorla wrote:
> > > > On Mon, May 21, 2018 at 10:27 AM, Simo Sorce <ssorce@redhat.com>
> > 
> > wrote:
> > > > > On Fri, 2018-05-18 at 14:12 -0700, Eric Rescorla wrote:
> > > > > > These changes look fine, though they only address some of my
> > 
> > comments.
> > > > > 
> > > > > Just for clarity, is the change to describe the whole DH exchange in
> > > > > one place what you see missing ? Is that a deal breaker ?
> > > > > Anything else ?
> > > > 
> > > > That and the repeated text that is the same for each group.
> > > 
> > > the fix for repeated text about groups is already merged to master, for
> > 
> > ECDHE:
> > > https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f3
> > 
> > 82ba26a911/
> > > draft-ietf-curdle-gss-keyex-sha2.xml#L537-L553
> > > and for FFDHE:
> > > https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f3
> > 
> > 82ba26a911/
> > > draft-ietf-curdle-gss-keyex-sha2.xml#L148-L164
> > 
> > Thanks Hubert.
> > 
> > Eric,
> > it be nice if you could give guidance on how you would like to see the
> > DH exchange explanation changed, assuming that's the only thing of
> > concern left for you, feel free to point out anything else as well.
> > 
> > If you prefer to have a new draft submitted, with the changes above, as
> > a baseline for further discussion, I can submit one.
> > 
> > Simo.
> >

Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Simo Sorce
[Curdle] AD Review of draft-ietf-curdle-gss-keyex… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… denis bider
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… denis bider
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Salz, Rich
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Russ Housley
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Mark Baushke
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… denis bider
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Simo Sorce
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… denis bider
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Simo Sorce
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Benjamin Kaduk
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Hubert Kario
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… denis bider
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Hubert Kario
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Hubert Kario
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Simo Sorce
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Simo Sorce
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Mark D. Baushke
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Daniel Migault
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Salz, Rich
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Hubert Kario
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Simo Sorce
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Eric Rescorla
Re: [Curdle] AD Review of draft-ietf-curdle-gss-k… Simo Sorce