Re: [kitten] Comments on draft-ietf-kitten-krb-spake-preauth-00

Benjamin Kaduk <kaduk@mit.edu> Thu, 17 August 2017 01:48 UTC

Date: Wed, 16 Aug 2017 20:48:22 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Greg Hudson <ghudson@mit.edu>
Cc: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>, "kitten@ietf.org" <kitten@ietf.org>
Message-ID: <20170817014822.GV70977@kduck.kaduk.org>
References: <8B29C0AD-409C-4F56-91BB-558DEFCDDFDD@oxy.edu> <3382b1b7-37f9-393b-73ca-7b3c841e67d9@mit.edu> <373E00D6-4459-4466-9FDF-BB70F8EDB403@oxy.edu> <b3cb2607-dad0-c44e-7eca-20e6743b231e@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/1VPIKqSptFEmKI6m4tXt36-e9NY>
Subject: Re: [kitten] Comments on draft-ietf-kitten-krb-spake-preauth-00

On Mon, Aug 14, 2017 at 02:01:48PM -0400, Greg Hudson wrote:
> On 08/14/2017 01:30 PM, Henry B (Hank) Hotz, CISSP wrote:
> >>> [NIT] Section 4.3, para 2: Delete the word “Next”. On my first reading that led me to think it was describing what to do after “the client completes. . .”. It actually describes the *first* thing to do (in the third pass). I’ve now read it enough times that I’m no longer qualified to say how important that is.
> >>
> >> The word "Next" is intended, but I can see that "will complete its part
> >> of the SPAKE process" is too vague--it is not clear that it is
> >> describing a computation step with no protocol messages.  I propose this
> >> wording, combining the first two paragraphs:
> >>
> >>    Upon receipt of the challenge message, the client will complete
> >>    its part of the SPAKE algorithm, generating a public key and
> >>    computing the shared secret K. Next, the client chooses one of the
> >>    second factor types [...]
> > 
> > Hmmm. I still wasn’t interpreting it right. If you say “next” I wonder what the preceding “first” or “next” was. I didn’t have an explicit referent to halt my mental search. In this case I think it’s:
> 
> Perhaps using "then" instead of next will help?  Current proposed
> wording (with some minor edits to the later sentences):

I don't think "next" vs. "then" is a big difference; it's more a question
of whether the first sentence is giving an overview of what will happen
in the section, or just the first step in what happens.  (When Henry
first mentioned it, I thought it was the former, but now I see it's the latter.)

>     Upon receipt of the challenge message, the client will complete
>     its part of the SPAKE algorithm, generating a public key and
>     computing the shared secret K. The client will then choose one of
>     the second factor types listed in the factors field of the challenge
>     message and gather whatever data is required for the chosen second
>     factor type, possibly using the associated challenge data. Finally,
>     the client will send an AS-REQ containing a PA-SPAKE PA-DATA
>     element using the response choice.

I think that's more clear, thanks.

-Ben