IETF Logo Mail Archive

Re: [http-auth] I-D Action: draft-ietf-httpauth-mutual-algo-00.txt

Yutaka OIWA <y.oiwa@aist.go.jp> Wed, 23 July 2014 13:18 UTC

Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A70E1A0ADC for <http-auth@ietfa.amsl.com>; Wed, 23 Jul 2014 06:18:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.679
X-Spam-Level:
X-Spam-Status: No, score=-3.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRYJ589M2gTS for <http-auth@ietfa.amsl.com>; Wed, 23 Jul 2014 06:18:45 -0700 (PDT)
Received: from na3sys010aog109.obsmtp.com (na3sys010aog109.obsmtp.com [74.125.245.86]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42CAB1B27A4 for <http-auth@ietf.org>; Wed, 23 Jul 2014 06:18:45 -0700 (PDT)
Received: from mail-vc0-f169.google.com ([209.85.220.169]) (using TLSv1) by na3sys010aob109.postini.com ([74.125.244.12]) with SMTP ID DSNKU8+2NKe6FeLtId2yL1pY5ebjmhtvPevP@postini.com; Wed, 23 Jul 2014 06:18:45 PDT
Received: by mail-vc0-f169.google.com with SMTP id hu12so2125979vcb.0 for <http-auth@ietf.org>; Wed, 23 Jul 2014 06:18:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ycNBz8yBoVvQaGFULmY84scbuyg6LMGzPvgcZmAWEjM=; b=Ll5X0rVUt8i7RzbAa18ejaLDiozA+JIfl9n/DXQEs2NDXwY8ty0nGKCIcCcP3oTDm+ bo9TzDF5KNmJbuqa1h8/F9+jvikfeQOe2tvaEZA+NY7zXXGj5Fb1/NXzOH9UV2iigPW9 VVwmGBmfKAXtENH+gUhnAHslR7hn1+tfS8i2U=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ycNBz8yBoVvQaGFULmY84scbuyg6LMGzPvgcZmAWEjM=; b=e4ZIlPREUMtBDKYeUUDh60lISFtiNvaEldv1Ten/jYSS6UGb9sPiIDMb3hWNQb9deq 2ndRDZFctbi/PHbE0dulDH9sO+VnNaXoNx9W7mBWvQA/JNeHJzNcsclMNxdYarKVaXZq XKlvKbQhSLcmqq0oiJoGcsWAYG7rjQLsK7+H6+QTjtq4rPeEnumHKxRiMD2yqimWSEcp aMSjxTRJ0WUR27bAj9NYufe+xj927ZxsAEz+wN55xvFGvOA2maNjIL7UGvJ5YA3hKfb9 GXbOA2ZUVVwuc7mlL/WPk5IQYM//8fHyy/azqcAbw4HL39qSOj9BgOaKCs14Nt6z0qQB GjgQ==
X-Gm-Message-State: ALoCoQlbTpAFNl1UT+kenotTqAG1KP+1EWxMLoMMqPg/N3tsNvJsy1Adtt1P6riBLNXQyCBFEQ9GLbKs063V2ZMj2j3odYQpyFnhqTQ91/n81F6Gykhis5JIGyICCZ99TVZZREXEeZt2
X-Received: by 10.221.38.129 with SMTP id ti1mr1960080vcb.9.1406121524175; Wed, 23 Jul 2014 06:18:44 -0700 (PDT)
X-Received: by 10.221.38.129 with SMTP id ti1mr1960061vcb.9.1406121524036; Wed, 23 Jul 2014 06:18:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.58.154.198 with HTTP; Wed, 23 Jul 2014 06:18:23 -0700 (PDT)
In-Reply-To: <53C94EC6.3000103@gmail.com>
References: <20140704220217.30291.17196.idtracker@ietfa.amsl.com> <53C94EC6.3000103@gmail.com>
From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Wed, 23 Jul 2014 22:18:23 +0900
Message-ID: <CAMeZVwu5k7FgDRMK_B8h8isjDk0qkWbeHaT7mJCYsEUEjpjqMw@mail.gmail.com>
To: Rene Struik <rstruik.ext@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/ASnDq-Q9tgCTENn-aEn5FiM9Jb8
Cc: "http-auth@ietf.org" <http-auth@ietf.org>
Subject: Re: [http-auth] I-D Action: draft-ietf-httpauth-mutual-algo-00.txt
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2014 13:18:47 -0000

Dear Rene,

this protocol is based on KAM3 of ISO/IEC 11770-4:2006.
ISO-spec says it is also called {DL, EC}APKAS-AMP in
IEEE P1363.2, proposed by T. Kwon.

There seems to be several literature written by the original
author.
http://www.isoc.org/isoc/conferences/ndss/01/papers/kwon.pdf
seems to be the most "academic" paper with analysis
to (some older revision of) this primitive, and there are also
several revisions submitted to P1363.
http://grouper.ieee.org/groups/1363/passwdPK/contributions/ampsummary.pdf
http://grouper.ieee.org/groups/1363/passwdPK/contributions/amp_final_revision.pdf
http://dasan.sejong.ac.kr/~tkwon/research/ampsummary2.pdf

I hope these will be helpful for reviewing and analyzing the proposal.

Using some other Augmented PAKE primitives with
my Mutual base proposal (draft-ietf-httpauth-mutual)
is easy in general.



2014-07-19 1:43 GMT+09:00 Rene Struik <rstruik.ext@gmail.com>:
> Dear authors:
>
> The algorithms in the draft seem to be based on the Augmented PAKE protocol,
> but differ in various aspects (e.g., hash function definition, details of
> cryptographic operation). Thus, it is not a priori clear whether the results
> in the AugPAKE paper apply here. If there is a technical write-up that
> analyzes the cryptographic properties of this (specific) protocol in detail
> that would be great.
>
> Best regards, Rene
>
>
> On 7/4/2014 6:02 PM, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>   This draft is a work item of the Hypertext Transfer Protocol
>> Authentication Working Group of the IETF.
>>
>>          Title           : Mutual Authentication Protocol for HTTP:
>> KAM3-based Cryptographic Algorithms
>>          Authors         : Yutaka Oiwa
>>                            Hajime Watanabe
>>                            Hiromitsu Takagi
>>                            Kaoru Maeda
>>                            Tatsuya Hayashi
>>                            Yuichi Ioku
>>         Filename        : draft-ietf-httpauth-mutual-algo-00.txt
>>         Pages           : 15
>>         Date            : 2014-07-04
>>
>> Abstract:
>>     This document specifies some cryptographic algorithms which will be
>>     used for the Mutual user authentication method for the Hyper-text
>>     Transport Protocol (HTTP).
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-httpauth-mutual-algo/
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-httpauth-mutual-algo-00
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> http-auth mailing list
>> http-auth@ietf.org
>> https://www.ietf.org/mailman/listinfo/http-auth
>
>
>
> --
> email: rstruik.ext@gmail.com | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>
>
> _______________________________________________
> http-auth mailing list
> http-auth@ietf.org
> https://www.ietf.org/mailman/listinfo/http-auth



-- 
Yutaka OIWA, Ph.D.                 Leader, System Life-cycle Research Group
                               Research Institute for Secure Systems (RISEC)
     National Institute of Advanced Industrial Science and Technology (AIST)
                       Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]

v2.23.0 | Report a Bug | By Email