Re: [Emu] Agenda Take 2

"Dan Harkins" <dharkins@lounge.org> Mon, 03 March 2008 07:08 UTC

Date: Sun, 02 Mar 2008 23:07:11 -0800
From: Dan Harkins <dharkins@lounge.org>
To: SeongHan Shin <seonghan.shin@aist.go.jp>
Cc: 'Kazukuni Kobara' <k-kobara@aist.go.jp>, emu@ietf.org
Subject: Re: [Emu] Agenda Take 2

  Hi Shin,

  I'll put this on the list for cleanup in the -02 version.
In section 2.6.3.2 it describes constructing the password element
for a prime modulus group. It says:

      pwd-value = KDF(pwd-seed, "EAP-pwd Affixing the PWE", len(p))

      PWE = pwd-value mod p

this should be:

      pwd-value = pwd-value mod p

We want to ensure the value stretched to the length of the prime is
numerically less than the prime. Section 2.6.3.2 goes on to say:

   The PWE is then computed by exponentiating the pwd-value to the value
   ((p-1)/r) modulus the prime.

      PWD = pwd-value ^ ((p-1)/r) mod p

I'm not sure where PWD came from :-). The convention is capitals for
elliptic curve groups to distinguish between elements and scalars. There
is no such convention for prime modulus groups so it should be:

   The pwe is then computed by exponentiating the pwd-value to the value
   ((p-1)/r) modulus the prime.

      pwe = pwd-value ^ ((p-1)/r) mod p

And then that "pwe" is used in 2.6.4.2. The idea is we take a pwe-seed
derived from the secret and identities and stretch that using the KDF
into a pwd-value which we reduce modulo the prime. The pwd-value is then
used to construct the password element, pwe, by exponentiating as
described above-- pwd-value ^ ((p-1)/r) mod p. I obviously messed up the
description of that.

  As I said, I'll clean this up in the next version. If you do find any
security issues with this draft please let me know. And also if there are
other typographical errors or similar issues you come across please tell
me so I can clean them up.

  regards,

  Dan.

On Sun, March 2, 2008 10:27 pm, SeongHan Shin wrote:
> Dear Dan Harkins,
>
> Sorry, I didn't know that the ID is updated.
> Anyway, I'll go through the new ID.
>
> By the way, is "pwe" in section 2.6.4.2 the same as "PWE"?
>
> Best regards,
> Shin
>
> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@lounge.org]
> Sent: Monday, March 03, 2008 2:17 PM
> To: SeongHan Shin
> Cc: emu@ietf.org; 'Kazukuni Kobara'
> Subject: Re: [Emu] Agenda Take 2
>
>
>   Hi Shin,
>
>   That draft has been updated. Please see the -01 version. That is
> the one that will be presented in Philly and is, I believe, resistant
> to off-line dictionary attack. If you know of an attack against it
> I would be extremely interested in hearing about it.
>
>   regards,
>
>   Dan.
>
> On Sun, March 2, 2008 7:16 pm, SeongHan Shin wrote:
>> Dear all,
>>
>> This is Shin.
>> I read the below ID (Password only Mechanism)
>> http://tools.ietf.org/id/draft-harkins-emu-eap-pwd-00.txt
>> to be presented at IETF 71.
>>
>> The idea of the protocol seems interesting.
>> However, I found that the protocol is susceptible to off-line dictionary
>> attack.
>> If someone is interested, I'll show how the attack works.
>> (you may already know that.)
>>
>> Best regards,
>> Shin
>>
>>
>> -----Original Message-----
>> From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On Behalf Of
>> Joseph
>> Salowey (jsalowey)
>> Sent: Thursday, February 28, 2008 8:04 AM
>> To: emu@ietf.org
>> Subject: [Emu] Agenda Take 2
>>
>> EMU Agenda
>> IETF 71
>> THURSDAY, March 13, 2008
>> 0900-1130 Morning Session I
>> ---------------------------------------------
>> + Administrivia (5 min)
>>  - agenda, blue sheets, note takers
>>
>> + Document Status (5 min)
>>  - EAP-TLS  - draft-simon-emu-rfc2716bis-13.txt
>>  - EAP-GPSK - draft-ietf-emu-eap-gpsk-08.txt
>>
>> + Charter Revision Status (70 min)
>>  - General text (10 min)
>>  - Tunnel Method (20 min)
>>  - Secure Password Only Method (20 min)
>>  - Channel Bindings (20 min)
>>
>> + Tunnel Method Requirements (30 min)
>>  - draft-salowey-emu-eaptunnel-req-00.txt
>>
>> + Channel Bindings (20 min)
>>  - draft-clancy-emu-chbind-00.txt
>>  - draft-clancy-emu-aaapay-00.txt
>>
>> + Password only Mechanism (20 min)
>>  - draft-harkins-emu-eap-pwd-00.txt
>> _______________________________________________
>> Emu mailing list
>> Emu@ietf.org
>> https://www.ietf.org/mailman/listinfo/emu

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
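
The corrected prime-modulus derivation described in the message above (stretch the seed, reduce it mod p, then exponentiate by (p-1)/r), as an added Python example that is not part of the original e-mail or the draft. The HMAC-SHA256 counter-mode `kdf`, the reading of len(p) as octets, the toy group `P`/`R`, the sample seed and the `is_usable_pwe` check are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy group (assumption, far too small for real use):
# P is a safe prime, R = (P - 1) / 2 is the prime order of the subgroup.
P, R = 2039, 1019
LABEL = b"EAP-pwd Affixing the PWE"
SAMPLE_SEED = b"constructed pwd-seed, illustration only"

def kdf(key: bytes, label: bytes, out_len: int) -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA256 in counter mode."""
    out, counter = b"", 1
    while len(out) < out_len:
        block = counter.to_bytes(2, "big") + label
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:out_len]

def derive_pwd_value(pwd_seed: bytes, p: int) -> int:
    """Stretch pwd-seed to len(p) octets (assumed unit), then reduce mod p."""
    n = (p.bit_length() + 7) // 8
    stretched = int.from_bytes(kdf(pwd_seed, LABEL, n), "big")
    return stretched % p  # pwd-value = pwd-value mod p

def compute_pwe(pwd_value: int, p: int, r: int) -> int:
    """pwe = pwd-value ^ ((p-1)/r) mod p."""
    if (p - 1) % r != 0:
        raise ValueError("r must divide p - 1")
    return pow(pwd_value, (p - 1) // r, p)

def is_usable_pwe(pwe: int, p: int, r: int) -> bool:
    """Added sanity check (not from the message): pwe must not be 0 or 1,
    and must lie in the subgroup of order r, i.e. pwe^r mod p == 1."""
    return 1 < pwe < p and pow(pwe, r, p) == 1

def derive_pwe(pwd_seed: bytes, p: int, r: int) -> int:
    """Full chain: seed -> pwd-value (reduced) -> pwe."""
    return compute_pwe(derive_pwd_value(pwd_seed, p), p, r)

if __name__ == "__main__":
    v = derive_pwd_value(SAMPLE_SEED, P)
    pwe = compute_pwe(v, P, R)
    print(f"pwd-value={v} pwe={pwe} usable={is_usable_pwe(pwe, P, R)}")
```

With a two-octet stretch the raw KDF output ranges up to 65535, so it often exceeds this toy prime; the reduction step is what keeps pwd-value numerically below p.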