Re: [Curdle] AD Review of draft-ietf-curdle-gss-keyex-sha2-05
Simo Sorce <ssorce@redhat.com> Wed, 30 May 2018 14:24 UTC
From: Simo Sorce <ssorce@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Hubert Kario <hkario@redhat.com>, curdle <curdle@ietf.org>
Date: Wed, 30 May 2018 10:24:52 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/vaHENslR0tyd1gAxid6Y6Pq-eaU>

On Wed, 2018-05-30 at 06:24 -0700, Eric Rescorla wrote:
> Sure. I was thinking something like this
>
> 5.1.
> 5.1.1. Generic Procedures
>   - Generating a DH ephemeral
>   - Verifying the peer's ephemeral
>   - Computing the shared key
>   - Verifying the output
>   - Computing the key hash and MIC
>
> 5.1.2. GSS Key Exchange Steps
>   Client calls GSS_Init_sec_context()... [5.1.1 step 2]
>   Server verifies Q_C and calls GSS_Accept_sec_context [5.1.1, step 4]
>   Server generates ephemeral and computes the shared key [reduced 5.1.1 step 5]
>   Server call to GSS_Accept_sec_context [5.1.1 step 6]
>   Client verifies Q_S and computes the shared key [5.1.1 step 7++]
>   Client calls GSS_VerifyMIC [5.1.1. step 8]
>
> It's hard for me to see if you caught everything else. If you want to
> submit a new draft, I can take a look, either before or after this
> change.

Ok, I guess I will try to get the change above in first, to cut down on
draft churn.

In the meanwhile, if you want to see the current text we are working on,
it is available here [1], with commit history (so you can diff [2] for
the previous draft [3] if you wish).

Simo.

[1] https://github.com/simo5/ietf/blob/master/draft-ietf-curdle-gss-keyex-sha2.xml
[2] https://github.com/simo5/ietf/compare/cbb10832e376e3abab3164f9bb7d2e759c2bea0b...6057b9920920640f8f193160d00150890adc222b
[3] https://github.com/simo5/ietf/blob/cbb10832e376e3abab3164f9bb7d2e759c2bea0b/draft-ietf-curdle-gss-keyex-sha2.xml

> -Ekr
>
> On Wed, May 30, 2018 at 5:35 AM, Simo Sorce <ssorce@redhat.com> wrote:
>
> > On Wed, 2018-05-30 at 12:25 +0200, Hubert Kario wrote:
> > > On Tuesday, 29 May 2018 21:27:34 CEST Eric Rescorla wrote:
> > > > On Mon, May 21, 2018 at 10:27 AM, Simo Sorce <ssorce@redhat.com> wrote:
> > > > > On Fri, 2018-05-18 at 14:12 -0700, Eric Rescorla wrote:
> > > > > > These changes look fine, though they only address some of my
> > > > > > comments.
> > > > >
> > > > > Just for clarity, is the change to describe the whole DH exchange in
> > > > > one place what you see missing? Is that a deal breaker?
> > > > > Anything else?
> > > >
> > > > That and the repeated text that is the same for each group.
> > >
> > > The fix for repeated text about groups is already merged to master, for
> > > ECDHE:
> > > https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f382ba26a911/draft-ietf-curdle-gss-keyex-sha2.xml#L537-L553
> > > and for FFDHE:
> > > https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f382ba26a911/draft-ietf-curdle-gss-keyex-sha2.xml#L148-L164
> >
> > Thanks Hubert.
> >
> > Eric,
> > it would be nice if you could give guidance on how you would like to see the
> > DH exchange explanation changed, assuming that's the only thing of
> > concern left for you; feel free to point out anything else as well.
> >
> > If you prefer to have a new draft submitted, with the changes above, as
> > a baseline for further discussion, I can submit one.
> >
> > Simo.