Re: [Emu] Agenda Take 2

Sorry, make that draft-harkins-emu-eap-pwd-01  

> -----Original Message-----
> From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On 
> Behalf Of Joseph Salowey (jsalowey)
> Sent: Monday, March 10, 2008 2:55 PM
> To: Dan Harkins; SeongHan Shin
> Cc: Kazukuni Kobara; emu@ietf.org
> Subject: Re: [Emu] Agenda Take 2
> 
> Hi Dan,
> 
> Could you describe the technical differences between the 
> approach in draft-harkins-emu-eap-pwd-00.txt and existing 
> approaches of SRP, SPEKE and EKE?  
> 
> Thanks,
> 
> Joe 
> 
> > -----Original Message-----
> > From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On 
> Behalf Of 
> > Dan Harkins
> > Sent: Sunday, March 02, 2008 11:07 PM
> > To: SeongHan Shin
> > Cc: 'Kazukuni Kobara'; emu@ietf.org
> > Subject: Re: [Emu] Agenda Take 2
> > 
> > 
> >   Hi Shin,
> > 
> >   I'll put this on the list for cleanup in the -02 version.
> > In section 2.6.3.2 it describes constructing the password 
> element for 
> > a prime modulus group. It says:
> > 
> >       pwd-value = KDF(pwd-seed, "EAP-pwd Affixing the PWE", len(p))
> > 
> >       PWE = pwd-value mod p
> > 
> > this should be:
> > 
> >       pwd-value = pwd-value mod p
> > 
> > We want to ensure the value stretched to the length of the prime is 
> > numerically less than the prime. Section 2.6.3.2 goes on to say:
> > 
> >    The PWE is then computed by exponentiating the pwd-value to the 
> > value
> >    ((p-1)/r) modulus the prime.
> > 
> >       PWD = pwd-value ^ ((p-1)/r) mod p
> > 
> > I'm not sure where PWD came from :-). The convention is 
> capitals for 
> > elliptic curve groups to distinguish between elements and scalars. 
> > There is no such convention for prime modulus groups so it 
> should be:
> > 
> >    The pwe is then computed by exponentiating the pwd-value to the 
> > value
> >    ((p-1)/r) modulus the prime.
> > 
> >       pwe = pwd-value ^ ((p-1)/r) mod p
> > 
> > And then that "pwe" is used in 2.6.4.2. The idea is we take 
> a pwe-seed 
> > derived from the secret and identities and stretch that 
> using the KDF 
> > into a pwd-value which we reduce modulo the prime. The pwd-value is 
> > then used to construct the password element, pwe, by 
> exponentiating as 
> > described above-- pwd-value ^ ((p-1)/r) mod p. I obviously 
> messed up 
> > the description of that.
> > 
> >   As I said, I'll clean this up in the next version. If you do find 
> > any security issues with this draft please let me know. And also if 
> > there are other typographical errors or similar issues you 
> come across 
> > please tell me so I can clean them up.
> > 
> >   regards,
> > 
> >   Dan.
> > 
> > On Sun, March 2, 2008 10:27 pm, SeongHan Shin wrote:
> > > Dear Dan Harkins,
> > >
> > > Sorry, I didn't know that the ID is updated.
> > > Anyway, I'll go through the new ID.
> > >
> > > By the way, is "pwe" in section 2.6.4.2 the same as "PWE"?
> > >
> > > Best regards,
> > > Shin
> > >
> > > -----Original Message-----
> > > From: Dan Harkins [mailto:dharkins@lounge.org]
> > > Sent: Monday, March 03, 2008 2:17 PM
> > > To: SeongHan Shin
> > > Cc: emu@ietf.org; 'Kazukuni Kobara'
> > > Subject: Re: [Emu] Agenda Take 2
> > >
> > >
> > >   Hi Shin,
> > >
> > >   That draft has been updated. Please see the -01 version. 
> > That is the
> > > one that will be presented in Philly and is, I believe,
> > resistant to
> > > off-line dictionary attack. If you know of an attack against it I 
> > > would be extremely interested in hearing about it.
> > >
> > >   regards,
> > >
> > >   Dan.
> > >
> > > On Sun, March 2, 2008 7:16 pm, SeongHan Shin wrote:
> > >> Dear all,
> > >>
> > >> This is Shin.
> > >> I read the below ID (Password only Mechanism) 
> > >> http://tools.ietf.org/id/draft-harkins-emu-eap-pwd-00.txt
> > >> to be presented at IETF 71.
> > >>
> > >> The idea of the protocol seems interesting.
> > >> However, I found that the protocol is susceptible to off-line 
> > >> dictionary attack.
> > >> If someone is interested, I'll show how the attack works.
> > >> (you may already know that.)
> > >>
> > >> Best regards,
> > >> Shin
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org]
> > On Behalf Of
> > >> Joseph Salowey (jsalowey)
> > >> Sent: Thursday, February 28, 2008 8:04 AM
> > >> To: emu@ietf.org
> > >> Subject: [Emu] Agenda Take 2
> > >>
> > >> EMU Agenda
> > >> IETF 71
> > >> THURSDAY, March 13, 2008
> > >> 0900-1130 Morning Session I
> > >> ---------------------------------------------
> > >> + Administrivia (5 min)
> > >>  - agenda, blue sheets, note takers
> > >>
> > >> + Document Status (5 min)
> > >>  - EAP-TLS  - draft-simon-emu-rfc2716bis-13.txt
> > >>  - EAP-GPSK - draft-ietf-emu-eap-gpsk-08.txt
> > >>
> > >> + Charter Revision Status (70 min)
> > >>  - General text (10 min)
> > >>  - Tunnel Method (20 min)
> > >>  - Secure Password Only Method (20 min)
> > >>  - Channel Bindings (20 min)
> > >>
> > >> + Tunnel Method Requirements (30 min)
> > >>  - draft-salowey-emu-eaptunnel-req-00.txt
> > >>
> > >> + Channel Bindings (20 min)
> > >>  - draft-clancy-emu-chbind-00.txt
> > >>  - draft-clancy-emu-aaapay-00.txt
> > >>
> > >> + Password only Mechanism (20 min)
> > >>  - draft-harkins-emu-eap-pwd-00.txt 
> > >> _______________________________________________
> > >> Emu mailing list
> > >> Emu@ietf.org
> > >> https://www.ietf.org/mailman/listinfo/emu
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> Emu mailing list
> > >> Emu@ietf.org
> > >> https://www.ietf.org/mailman/listinfo/emu
> > >>
> > >
> > >
> > >
> > >
> > >
> > >
> > 
> > 
> > _______________________________________________
> > Emu mailing list
> > Emu@ietf.org
> > https://www.ietf.org/mailman/listinfo/emu
> > 
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
> 
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu