Re: [kitten] John Scudder's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)

John Scudder <jgs@juniper.net> Thu, 18 January 2024 18:14 UTC

From: John Scudder <jgs@juniper.net>
To: Greg Hudson <ghudson@mit.edu>
CC: The IESG <iesg@ietf.org>, "draft-ietf-kitten-krb-spake-preauth@ietf.org" <draft-ietf-kitten-krb-spake-preauth@ietf.org>, "kitten-chairs@ietf.org" <kitten-chairs@ietf.org>, "kitten@ietf.org" <kitten@ietf.org>, Nicolas Williams <nico@cryptonector.com>
Date: Thu, 18 Jan 2024 18:14:40 +0000
Message-ID: <55D68470-341A-4B43-B0F5-98347CECF65E@juniper.net>
References: <170550971259.44795.14577927249974933402@ietfa.amsl.com> <311870f4-e559-44ec-b864-d2e0de4959b6@mit.edu>
In-Reply-To: <311870f4-e559-44ec-b864-d2e0de4959b6@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/7Wrh4YmIAWO2egrVJdOBiofBlp0>

SGTM. Thanks. 

—John

> On Jan 18, 2024, at 12:57 PM, Greg Hudson <ghudson@mit.edu> wrote:
> 
> 
>> On 1/17/24 11:41, John Scudder via Datatracker wrote:
>> - Section 4.3 ends with the line,
>> 
>>    KEY_USAGE_SPAKE  65
>> 
>>   I understand this to be, that you're providing the reader with the
>>   IANA-assigned value. But without descriptive words around it, it's just
>>   puzzling and lacking in context. I think you could safely delete the line,
>>   since its information is included in Section 11 and in general it's
>>   desirable, in my experience, to have only a single source of truth for this
>>   kind of thing. Or otherwise, maybe you can work the information into the
>>   prose more smoothly.
> 
> I will delete the line.
> 
>> - Although RFC 7322 section 4.8.6 provides shockingly little guidance about how
>> to format your references, I still think you should try to do better than
> 
> I will copy the additional reference text from RFC 9032, yielding:
> 
>   [SPAKE]    Abdalla, M. and D. Pointcheval, "Simple Password-Based
>              Encrypted Key Exchange Protocols", Cryptography-CT-RSA
>              2005, Lecture Notes in Computer Science, Volume 3376,
>              pages 191-208, Springer, DOI 10.1007/978-3-540-30574-3_14,
>              February 2005,
>              <https://doi.org/10.1007/978-3-540-30574-3_14>.
> 
>> - You might want to consider your usage of "man-in-the-middle" in light of
>> https://www.ietf.org/about/groups/iesg/statements/on-inclusive-language/ .
> 
> I will change this usage to "machine-in-the-middle".