Re: [IPsec] Agenda for Anaheim

"SeongHan Shin" <seonghan.shin@aist.go.jp> Thu, 11 March 2010 06:23 UTC

To: 'Paul Hoffman' <paul.hoffman@vpnc.org>
Cc: 'IPsecme WG' <ipsec@ietf.org>, 'Kazukuni Kobara' <k-kobara@aist.go.jp>, 'SeongHan Shin' <seonghan.shin@aist.go.jp>

Dear Paul Hoffman,

Thank you for your quick response.
Below is the summary.



This draft <draft-shin-augmented-pake-00.txt> describes AugPAKE. 

For simplicity, I discuss some criteria (written in
<draft-sheffer-ipsecme-pake-criteria-00.txt> and that appeared on the IPsecme WG
mailing list).
If I missed something, please let me know.

For references of EKE, SRP, SPSK, SPEKE and PAK, see
<draft-sheffer-ipsecme-pake-criteria-00.txt>.

----------------------------------------------------------------
1. Security
PAKE can be divided into balanced PAKE and augmented PAKE.

Balanced PAKE provides security against only active attacks (including
off-line dictionary attacks).
Examples: EKE, SPSK, SPEKE, PAK

Augmented PAKE provides security of balanced PAKE + "resistance to server
compromise" (see our draft for this security property)
Examples: SRP, AugPAKE


2. Underlying groups
AugPAKE works over any group (e.g., MODP, ECP) where the Diffie-Hellman problem
holds.

EKE, SRP and PAK need care when selecting groups because of the ideal cipher,
protocol structure or FDH (Full-Domain Hash).
FDH maps a hashed value to a group element.


3. Implementation
For the above reason, AugPAKE can be easily implemented.
We have already implemented AugPAKE.


4. Efficiency
1) AugPAKE requires fewer modular exponentiations than SRP and SPSK.
It is almost the same as EKE, SPEKE and PAK.

2) The number of rounds of AugPAKE is the same as SRP (4 rounds).
3 rounds: EKE, SPSK (can be adjusted), SPEKE, PAK


5. Intellectual property
AIST will provide a royalty-free license for implementations of AugPAKE.
We think that AugPAKE is not involved with other patents.
(But I am not a patent lawyer.)
----------------------------------------------------------------


Best regards,
Shin



> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of
> Paul Hoffman
> Sent: Thursday, March 11, 2010 1:02 PM
> To: SeongHan Shin
> Cc: 'IPsecme WG'; 'Kazukuni Kobara'; 'SeongHan Shin'
> Subject: Re: [IPsec] Agenda for Anaheim
> 
> At 12:03 PM +0900 3/11/10, SeongHan Shin wrote:
> >I submitted the below I-D (00) and have just finished the IPR disclosure
> >one hour ago.
> >Could you please let me know if it is possible for me to present
> >our work in IPsecme WG?
> 
> We are not focusing on specific presentations, but instead on the criteria
> that the WG should be using to choose which proposal, or variant
> of a proposal, we want to go forward with. Please see the earlier discussion
> on those criteria, and feel free to say how you feel this proposal fits
> into those criteria, as well as the criteria for which you think your
> proposal is strong.
> 
> --Paul Hoffman, Director
> --VPN Consortium