IETF Logo Mail Archive

Re: [http-auth] Fwd: [Cfrg] Another PAKE question

Yutaka OIWA <y.oiwa@aist.go.jp> Wed, 05 March 2014 18:30 UTC

Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AFC81A01DD for <http-auth@ietfa.amsl.com>; Wed, 5 Mar 2014 10:30:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.679
X-Spam-Level:
X-Spam-Status: No, score=-3.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qHwKpWET8ibN for <http-auth@ietfa.amsl.com>; Wed, 5 Mar 2014 10:30:51 -0800 (PST)
Received: from na3sys010aog107.obsmtp.com (na3sys010aog107.obsmtp.com [74.125.245.82]) by ietfa.amsl.com (Postfix) with ESMTP id 2C26E1A0128 for <http-auth@ietf.org>; Wed, 5 Mar 2014 10:30:51 -0800 (PST)
Received: from mail-ve0-f177.google.com ([209.85.128.177]) (using TLSv1) by na3sys010aob107.postini.com ([74.125.244.12]) with SMTP ID DSNKUxdtV62lorp7g/FlZ0ATmMASaO4FkwEN@postini.com; Wed, 05 Mar 2014 10:30:47 PST
Received: by mail-ve0-f177.google.com with SMTP id sa20so1436488veb.36 for <http-auth@ietf.org>; Wed, 05 Mar 2014 10:30:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=RhoTWbx5b+8Vsml70kOOxnFNMVRyLv3hTGKvOpOX9Zc=; b=DpATLrWkGka/OCCatX7fEfnek7Es7Kr+DqVMYkEMzPM9/9UJs0N3Y32NIP89ENUoYX me1SBO6lGN+L7G7Q4WtbyknIrOWthLDiwNKEkUyJWoLCVbt/MDZxXwsXnQN69Zq0sDQ2 A2ouhNiUQlRfm7VG/yK/NlGB8NqvfD3X7lsg4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=RhoTWbx5b+8Vsml70kOOxnFNMVRyLv3hTGKvOpOX9Zc=; b=gNmZLAB0ttbJOo9sBhL/3raLoAg1YzUET7CsRBI6tDXIxO4CkNFOfZoKFOO7NXoijA i1HwUD2avVElpclwMVjc5qmkhv4ST+m6UhL0f9tyJDZMc5l/xljiiXtXmMKdaPZi6G2F O77p4aezQKTnGRtaZd7R7EDBTa8pPN7Frp5b3lQFVWriZ8E57ULD8vuQKfWsgOcuVG+c DX6IZb+YhRklFxQBo/0T8FPa05unMTh49xTTRqYP3nvVHk0IwSBnrWNluVJGb0Casa69 ErAVHsOlikgYvw5oDW6mRkrJHwRnnIXagLtVYJwhG3aehuoPoYPXRQTWkuNOYigAUSPh UGJw==
X-Gm-Message-State: ALoCoQkhn53dHWwG4IfITwmoMvEGFRDBGS5SvzyCbWuOVMC0cW0bTjz5cHlXX8CNhpKUPDEVQ3dRKc/CSo4ylJ2+0DzQ1TN8NnwHlnM5aMJaQ8oKj5DjepFwBC1y50SwYgvSMbgas65CR8qkPRt1Eks9O5zcm/MGJA==
X-Received: by 10.220.99.72 with SMTP id t8mr1154683vcn.10.1394044247081; Wed, 05 Mar 2014 10:30:47 -0800 (PST)
X-Received: by 10.220.99.72 with SMTP id t8mr1154670vcn.10.1394044246942; Wed, 05 Mar 2014 10:30:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.58.100.227 with HTTP; Wed, 5 Mar 2014 10:30:26 -0800 (PST)
In-Reply-To: <A4A326BF-6C6B-482F-85FB-36880BF315DA@checkpoint.com>
References: <CACsn0cmSH0hfuZs19Epvh_=vCPszx3Y3_GP5+snFDMcmAQUyQg@mail.gmail.com> <A4A326BF-6C6B-482F-85FB-36880BF315DA@checkpoint.com>
From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Thu, 06 Mar 2014 03:30:26 +0900
Message-ID: <CAMeZVwsv1LWAcEdqFU94d8GXMYLmgC=E=ji1O_Cx_cDgBQAOOw@mail.gmail.com>
To: Yoav Nir <ynir@checkpoint.com>, Watson Ladd <watsonbladd@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/vD8ObfLJgDUGAIiGpS8Mk4A0NKU
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, cfrg@irtf.org
Subject: Re: [http-auth] Fwd: [Cfrg] Another PAKE question
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 18:30:53 -0000

Watson, Sorry, I completely missed this mail in the pile of unread mails.

# Thanks Yoav, your comment in WG reminds me and help finding out of this.

AFAIK, putting the transaction history into the calculation is
already embedded as the values t_1 and t_2 described in
the algorithm in
<https://tools.ietf.org/html/draft-oiwa-httpauth-mutual-algo-01>,
Sections 2.2 and 2.3.
Isn't this t_1 and t_2 (put into the calculation of z) suffice for the purpose?

My understanding is that the functionality what Watson mentioned is a
fundamental requirements for all PAKE primitives, and
is already embedded in the specification of such primitives' layer.
If this assumption is not, or if we need to protect more values than
the values appear in the cryptographic primitives, I agree that the
functionality
should be again implemented in the layer of the "HTTP Mutual authentication".
In such case I will do it with our cryptographer colleagues.

Sorry for the very late reply, but I'm very happy if you can help me
better understanding of this issue.


2014-01-10 0:24 GMT+09:00 Yoav Nir <ynir@checkpoint.com>:
> Hi.
>
> CFRG has recently had some discussion about PAKEs in general. I have asked
> them to take a look at MutualAuth. This is one of the replies that we got.
>
> Yoav
>
> Begin forwarded message:
>
> From: Watson Ladd <watsonbladd@gmail.com>
> Subject: Re: [Cfrg] Another PAKE question
> Date: January 9, 2014 4:57:19 PM GMT+02:00
> To: Yoav Nir <ynir@checkpoint.com>
>
> Why is this protocol secure?
> I would recommend taking the z, and computing a hash of z and the
> transcript of the protocol. In
> this way under the ROM, the computed value doesn't reveal information.
> It ensures that any
> manipulation of the messages leads to different z values.
>
> I'll try to think of ways to make a proof given that change.
> Sincerely,
> Watson Ladd
>
>
> On Wed, Jan 8, 2014 at 10:09 PM, Yoav Nir <ynir@checkpoint.com> wrote:
>
> Hi
>
> I almost feel like I'm asking for trouble after the roast that Dan went
> through, but some on this list might want to consider another PAKE going
> through an IETF working group.
>
> HTTP-Auth is making experimental authentication mechanisms for the HTTP
> layer. One of those is a PAKE. If people here on the CFRG list would like to
> comment on it, that would be great. We can have some discussion here, but
> ultimately, comments criticisms and suggestions should go to the HTTP-auth
> list (details below).
>
> The draft in question is called "Mutual Authentication Protocol for HTTP".
>
> Link: http://tools.ietf.org/html/draft-ietf-httpauth-mutual-01
>
> Yoav
> co-chair of HTTP-Auth
>
> Mailing list details:
> * http-auth List Information:
> https://www.ietf.org/mailman/listinfo/http-auth
> * http-auth List Archives:
> http://www.ietf.org/mail-archive/web/http-auth/current/maillist.html
> * http-auth Posting Address (requires registration): http-auth@ietf.org
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>
>
>
>
> --
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither  Liberty nor Safety."
> -- Benjamin Franklin
>
>
> Email secured by Check Point
>
>
>
> _______________________________________________
> http-auth mailing list
> http-auth@ietf.org
> https://www.ietf.org/mailman/listinfo/http-auth
>



-- 
Yutaka OIWA, Ph.D.                 Leader, System Life-cycle Research Group
                               Research Institute for Secure Systems (RISEC)
     National Institute of Advanced Industrial Science and Technology (AIST)
                       Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]

v2.23.0 | Report a Bug | By Email