Re: [kitten] SPAKE and non-deterministic RFC 3961 checksums

"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> Sun, 01 October 2017 23:53 UTC

Return-Path: <hbhotz@oxy.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 537101342DB for <kitten@ietfa.amsl.com>; Sun, 1 Oct 2017 16:53:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.835
X-Spam-Level:
X-Spam-Status: No, score=-0.835 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4FEhQG4CCoo for <kitten@ietfa.amsl.com>; Sun, 1 Oct 2017 16:53:54 -0700 (PDT)
Received: from mailout.easymail.ca (mailout.easymail.ca [64.68.200.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97FBE1321A0 for <kitten@ietf.org>; Sun, 1 Oct 2017 16:53:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 8BE492B8BA; Sun, 1 Oct 2017 23:53:53 +0000 (UTC)
Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo02-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XKVOeReG5IQF; Sun, 1 Oct 2017 23:53:53 +0000 (UTC)
Received: from macbook-air-2.lan (66-215-86-135.dhcp.psdn.ca.charter.com [66.215.86.135]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 945B22B865; Sun, 1 Oct 2017 23:53:46 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>
In-Reply-To: <20170930190208.GS96685@kduck.kaduk.org>
Date: Sun, 1 Oct 2017 16:53:46 -0700
Cc: Simo Sorce <simo@redhat.com>, kitten@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <A5EAFD96-6810-4434-B2D5-EF62BBBA06A2@oxy.edu>
References: <x7d1sn5zyl8.fsf@equal-rites.mit.edu> <20170919015937.GN96685@kduck.kaduk.org> <1505920169.1143.15.camel@redhat.com> <20170923190527.GU96685@kduck.kaduk.org> <1506358991.3211.1.camel@redhat.com> <20170926022550.GZ96685@kduck.kaduk.org> <B9ED4047-4BAF-4F58-A4CF-5CE420371BB7@oxy.edu> <20170928022127.GF96685@kduck.kaduk.org> <8CDF104A-0D83-4B46-9016-E8ECA6F581D3@oxy.edu> <20170930190208.GS96685@kduck.kaduk.org>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.2104)
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/IphBf9SRCge6beJkl7B3vGf4xFE>
Subject: Re: [kitten] SPAKE and non-deterministic RFC 3961 checksums
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Oct 2017 23:53:56 -0000

In my mind, the bigger issue is if we will *ever* want a non-deterministic checksum again. I’m unable to think of a reason, but I don’t know what we don’t know that might make us want such a thing.

Not very satisfying. 

Still, I vote we just prohibit 1DES+SPAKE and move on.

> On Sep 30, 2017, at 12:02 PM, Benjamin Kaduk <kaduk@mit.edu>; wrote:
> 
> On Sat, Sep 30, 2017 at 02:05:25AM -0700, Henry B (Hank) Hotz, CISSP wrote:
>> 
>>> On Sep 27, 2017, at 7:21 PM, Benjamin Kaduk <kaduk@MIT.EDU>; wrote:
>>> 
>>> As I understand it, there is not much (any?) modern software that strictly
>>> requires single-DES, but there are also many sites where the effort to
>>> upgrade has not been expended.  Even in ATHENA.MIT.EDU, we have cross-realm
>>> keys that are actively used (albeit not for terribly critical functionality)
>>> that remain single-DES because of the logistical challenges involved in
>>> getting both KDC administrators in contact and with a trusted channel.
>>> 
>>> -Ben
>> 
>> I know that kind of thing can be much harder than it seems it should. OTOH, do you think that difficulty (as a specific example) should prevent us from stipulating "no 1des with SPAKE”?
> 
> No, I don't think examples of that sort should prevent us from placing
> that restriction on SPAKE usage.
> 
> -Ben

Personal email.  hbhotz@oxy.edu