Re: [kitten] Comments on draft-ietf-kitten-krb-spake-preauth-00

"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> Mon, 14 August 2017 21:39 UTC

To: Greg Hudson <ghudson@MIT.EDU>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

> On Aug 14, 2017, at 11:01 AM, Greg Hudson <ghudson@MIT.EDU> wrote:
> 
> On 08/14/2017 01:30 PM, Henry B (Hank) Hotz, CISSP wrote:
>>>> [NIT] Section 4.3, para 2: Delete the word “Next”. On my first reading that led me to think it was describing what to do after “the client completes. . .”. It actually describes the *first* thing to do (in the third pass). I’ve now read it enough times that I’m no longer qualified to say how important that is.
>>> 
>>> The word "Next" is intended, but I can see that "will complete its part
>>> of the SPAKE process" is too vague--it is not clear that it is
>>> describing a computation step with no protocol messages.  I propose this
>>> wording, combining the first two paragraphs:
>>> 
>>>   Upon receipt of the challenge message, the client will complete
>>>   its part of the SPAKE algorithm, generating a public key and
>>>   computing the shared secret K. Next, the client chooses one of the
>>>   second factor types [...]
>> 
>> Hmmm. I still wasn’t interpreting it right. If you say “next” I wonder what the preceding “first” or “next” was. I didn’t have an explicit referent to halt my mental search. In this case I think it’s:
> 
> Perhaps using "then" instead of next will help?  Current proposed
> wording (with some minor edits to the later sentences):
> 
>    Upon receipt of the challenge message, the client will complete
>    its part of the SPAKE algorithm, generating a public key and
>    computing the shared secret K. The client will then choose one of
>    the second factor types listed in the factors field of the challenge
>    message and gather whatever data is required for the chosen second
>    factor type, possibly using the associated challenge data. Finally,
>    the client will send an AS-REQ containing a PA-SPAKE PA-DATA
>    element using the response choice.

That’s good.

I did put the forward reference in because of what I said at the beginning of my last email, but I’m not hard over. I’m also no longer the best judge.  Any other opinions?

Personal email.  hbhotz@oxy.edu