Re: [Gen-art] IETF LC Gen-ART review of draft-harkins-salted-eap-pwd-06

worley@ariadne.com (Dale R. Worley) Fri, 23 September 2016 22:22 UTC

From: worley@ariadne.com
To: Daniel Harkins <dharkins@arubanetworks.com>
In-Reply-To: <11F52F6F-8051-4775-9F23-3C00FCACBA91@arubanetworks.com> (dharkins@arubanetworks.com)
Sender: worley@ariadne.com
Date: Fri, 23 Sep 2016 18:22:25 -0400
Message-ID: <8737kq9rz2.fsf@hobgoblin.ariadne.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/-yFSbXnnrqVrX_Ear8jNASAYuRg>
Cc: draft-harkins-salted-eap-pwd.all@ietf.org, gen-art@ietf.org, ietf@ietf.org
Subject: Re: [Gen-art] IETF LC Gen-ART review of draft-harkins-salted-eap-pwd-06

Daniel Harkins <dharkins@arubanetworks.com> writes:
>   We may be talking past each other. But the reason that note is there
> is because this is a "balanced" PAKE where both sides use an identical
> representation of a credential. In this case, the credential is not
> the password, it's the hashed password.  So if an attacker gets a copy
> of the hashed password it can impersonate the client to the server and
> the server to the client. In other uses of hashed password databases
> the client sends the password across the wire/air so if an attacker
> somehow got ahold of the hashed password it would not be able to
> impersonate the client to the server (because the server is asking for
> the password not the hashed password).

(My apologies for not replying sooner.)

I suspect that I'm being caught up by the fact that I don't know the
design space of authentication protocols very well.  In any case, this
point is certainly not a reason to hold up the draft.

Dale
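
An added illustration of the point Daniel makes in the quoted text above. It is not code from either message nor from draft-harkins-salted-eap-pwd, and it is not EAP-pwd or any real PAKE: both "servers" below are toy models built to make one property concrete, namely that when the credential both sides hold is the salted hash itself (model A), a copy of that hash is enough to impersonate the client to the server and the server to the client, whereas when the client sends the password and the server merely recomputes the hash (model B), the same stolen hash is rejected. The HMAC challenge-response, the PBKDF2 parameters, the sample password and all class and function names are assumptions made for the example.

```python
# Added illustration (not from the draft or the thread): a toy model of the
# two credential models Daniel describes. It is NOT EAP-pwd or any real PAKE;
# the challenge-response is HMAC keyed with the credential, chosen only to
# make "both sides hold an identical representation of the credential"
# concrete. Names, the salt, the iteration count and the password are
# assumptions made for the example.
import hashlib
import hmac
import os


def derive_credential(password: bytes, salt: bytes) -> bytes:
    """Salted password hash; in the balanced model this value IS the credential."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


class BalancedServer:
    """Model A: server stores cred = H(salt, pw) and authenticates possession of cred."""

    def __init__(self, salt: bytes, cred: bytes):
        self.salt, self.cred = salt, cred

    def challenge(self):
        self.nonce = os.urandom(16)
        return self.salt, self.nonce

    def verify(self, client_proof: bytes):
        # Server checks the client's proof of cred, then proves its own copy of cred.
        expected = hmac.new(self.cred, b"client" + self.nonce, "sha256").digest()
        if not hmac.compare_digest(expected, client_proof):
            return None
        return hmac.new(self.cred, b"server" + self.nonce, "sha256").digest()


def balanced_login(server: BalancedServer, cred: bytes) -> bool:
    """Client side of model A: prove cred, then check the server proved it too."""
    _salt, nonce = server.challenge()
    client_proof = hmac.new(cred, b"client" + nonce, "sha256").digest()
    server_proof = server.verify(client_proof)
    if server_proof is None:
        return False
    want = hmac.new(cred, b"server" + nonce, "sha256").digest()
    return hmac.compare_digest(want, server_proof)


class PasswordServer:
    """Model B: server stores H(salt, pw); the client sends the password itself."""

    def __init__(self, salt: bytes, stored_hash: bytes):
        self.salt, self.stored_hash = salt, stored_hash

    def login(self, password: bytes) -> bool:
        return hmac.compare_digest(derive_credential(password, self.salt), self.stored_hash)


def demo() -> dict:
    password = b"correct horse battery staple"   # constructed sample password
    salt = os.urandom(16)
    stored = derive_credential(password, salt)
    leaked = stored                                # attacker copied the hash database

    honest_server_a = BalancedServer(salt, stored)
    rogue_server_a = BalancedServer(salt, leaked)  # attacker posing as the server
    server_b = PasswordServer(salt, stored)

    return {
        # model A: the stolen hash is the credential, so it works in both directions
        "A_client_with_password": balanced_login(honest_server_a, derive_credential(password, salt)),
        "A_attacker_with_hash": balanced_login(honest_server_a, leaked),
        "A_rogue_server_fools_client": balanced_login(rogue_server_a, derive_credential(password, salt)),
        # model B: the server asks for the password, and H(salt, hash) != H(salt, pw)
        "B_client_with_password": server_b.login(password),
        "B_attacker_sends_hash": server_b.login(leaked),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
```

The model B attacker can still try to crack the leaked hash offline, which is the threat a salt and a slow KDF are meant to blunt; the difference Daniel describes is that in model A no cracking is needed, because the hash itself is what the protocol proves possession of.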