Re: [Emu] I-D Action: draft-ietf-emu-aka-pfs-04.txt

Russ Housley <housley@vigilsec.com> Wed, 24 June 2020 20:04 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <ca54cb5a-b4e9-6649-04bd-08955e93cb1d@ericsson.com>
Date: Wed, 24 Jun 2020 16:04:39 -0400
Cc: "emu@ietf.org" <emu@ietf.org>
Message-Id: <9AB51563-756E-4C9E-8C1B-42302AAF7769@vigilsec.com>
References: <159047624580.18151.8173719540463566179@ietfa.amsl.com> <ca54cb5a-b4e9-6649-04bd-08955e93cb1d@ericsson.com>
To: Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/hu0QQtz0ypr4nUFb5jLqrQHHb1o>
Subject: Re: [Emu] I-D Action: draft-ietf-emu-aka-pfs-04.txt
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>

The ECDH public value in RFC 5480 is an OCTET STRING, which means that the value is exactly 32 bytes.  When this gets carried as a subject public key in a certificate, there is an extra byte only because the type is a BIT STRING.

My conclusion is that the current draft is correct:

      *  For P-256, the length of this value is 32 bytes, encoded in
         binary as specified in [FIPS186-4].

Russ
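To make the three lengths in this exchange concrete, here is an added Python illustration (not code from the thread, the draft, or its authors). It implements the SEC 1 point-to-octet-string and octet-string-to-point conversions for P-256 using the public FIPS 186-4 / SEC 2 curve constants, and wraps the result in a DER BIT STRING the way subjectPublicKey is carried in a certificate. The sample point is the P-256 generator G, chosen only because its coordinates are public; the decoder refuses any input that is not a valid point on the curve, which is the check a receiver of such a value should always perform.

```python
"""SEC 1 point encodings for P-256 and the BIT STRING wrapper used in certificates.

Constructed example. Curve constants are the public P-256 parameters
(FIPS 186-4 / SEC 2); the sample point is the generator G.
"""

P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
FIELD_LEN = 32  # ceil(log2(P) / 8): one field element is 32 bytes


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + A*x + B over GF(P)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_to_octets(x, y, compressed):
    """SEC 1 section 2.3.3: 0x04||X||Y (65 bytes) or 0x02/0x03||X (33 bytes)."""
    xb = x.to_bytes(FIELD_LEN, "big")
    if compressed:
        # The prefix encodes the parity of y, so y can be recovered later.
        return bytes([0x02 | (y & 1)]) + xb
    return b"\x04" + xb + y.to_bytes(FIELD_LEN, "big")


def octets_to_point(octets):
    """SEC 1 section 2.3.4, rejecting malformed input and off-curve points."""
    if len(octets) == 1 + 2 * FIELD_LEN and octets[0] == 0x04:
        x = int.from_bytes(octets[1:1 + FIELD_LEN], "big")
        y = int.from_bytes(octets[1 + FIELD_LEN:], "big")
    elif len(octets) == 1 + FIELD_LEN and octets[0] in (0x02, 0x03):
        x = int.from_bytes(octets[1:], "big")
        rhs = (x * x * x + A * x + B) % P
        # P = 3 (mod 4), so a square root (if one exists) is rhs^((P+1)/4).
        y = pow(rhs, (P + 1) // 4, P)
        if (y & 1) != (octets[0] & 1):
            y = P - y
    else:
        raise ValueError("malformed SEC 1 point encoding")
    # Invalid-curve defence: never accept coordinates that are not on P-256.
    if x >= P or y >= P or not on_curve(x, y):
        raise ValueError("point is not on P-256")
    return x, y


def x_coordinate_octets(x):
    """A bare field element as a 32-byte big-endian integer (FIPS 186-4 style).

    This is the only P-256 point-derived value that is exactly 32 bytes long;
    any SEC 1 point string carries at least one extra prefix byte.
    """
    return x.to_bytes(FIELD_LEN, "big")


def der_length(n):
    """DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb


def der_bit_string(content):
    """DER BIT STRING as used for subjectPublicKey in SubjectPublicKeyInfo.

    The first content byte is the count of unused bits (0 here); that byte is
    the one extra byte a certificate adds on top of the raw point string.
    """
    body = b"\x00" + content
    return b"\x03" + der_length(len(body)) + body


if __name__ == "__main__":
    for name, octets in (
        ("uncompressed", point_to_octets(GX, GY, False)),
        ("compressed", point_to_octets(GX, GY, True)),
        ("x-coordinate only", x_coordinate_octets(GX)),
    ):
        print(f"{name:18} {len(octets):3} bytes, "
              f"{len(der_bit_string(octets))} bytes inside a BIT STRING")
    print("round trip ok:", octets_to_point(point_to_octets(GX, GY, True)) == (GX, GY))
```

Running it prints 65, 33 and 32 bytes for the three forms; each gains three bytes (tag, length, unused-bits count) when wrapped as a BIT STRING, and the compressed form round-trips through decompression back to G.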



> On Jun 24, 2020, at 1:10 AM, Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Hi all,
> 
> I am not a crypto expert and my knowledge of public key encodings is 
> based on my work with Rene Struik for a different draft.
> 
> The current text in draft-ietf-emu-aka-pfs-04 says "For P-256, the 
> length of this value is 32 bytes, encoded in binary". Shouldn't this be 
> 33 bytes? And wouldn't it make sense to explicitly say that this is an 
> octet string in the compressed format while referencing "SEC 1: Elliptic 
> Curve Cryptography, Version 2.0" for the point to octet string 
> conversion rules?
> 
> --Mohit
> 
> On 5/26/20 9:57 AM, internet-drafts@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the EAP Method Update WG of the IETF.
>> 
>>         Title           : Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' PFS)
>>         Authors         : Jari Arkko
>>                           Karl Norrman
>>                           Vesa Torvinen
>>         Filename        : draft-ietf-emu-aka-pfs-04.txt
>>         Pages           : 26
>>         Date            : 2020-05-25
>> 
>> Abstract:
>>    Many different attacks have been reported as part of revelations
>>    associated with pervasive surveillance.  Some of the reported attacks
>>    involved compromising smart cards, such as attacking SIM card
>>    manufacturers and operators in an effort to compromise shared secrets
>>    stored on these cards.  Since the publication of those reports,
>>    manufacturing and provisioning processes have gained much scrutiny
>>    and have improved.  However, the danger of resourceful attackers for
>>    these systems is still a concern.
>> 
>>    This specification is an optional extension to the EAP-AKA'
>>    authentication method which was defined in [I-D.ietf-emu-rfc5448bis].
>>    The extension, when negotiated, provides Perfect Forward Secrecy for
>>    the session key generated as a part of the authentication run in EAP-
>>    AKA'.  This prevents an attacker who has gained access to the long-
>>    term pre-shared secret in a SIM card from being able to decrypt any
>>    past communications.  In addition, if the attacker stays merely a
>>    passive eavesdropper, the extension prevents attacks against future
>>    sessions.  This forces attackers to use active attacks instead.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/
>> 
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-emu-aka-pfs-04
>> https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-04
>> 
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-04
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> 
>> _______________________________________________
>> Emu mailing list
>> Emu@ietf.org
>> https://www.ietf.org/mailman/listinfo/emu