Re: [kitten] Request for review of a SASL mechanism using the OPAQUE aPAKE
Nadja von Reitzenstein Cerpnjak <me@dequbed.space> Mon, 17 October 2022 22:46 UTC
Return-Path: <me@dequbed.space>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26665C1522DD for <kitten@ietfa.amsl.com>; Mon, 17 Oct 2022 15:46:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.309
X-Spam-Level:
X-Spam-Status: No, score=-1.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.398, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=dequbed.space
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HNIC-0_ZTbze for <kitten@ietfa.amsl.com>; Mon, 17 Oct 2022 15:46:27 -0700 (PDT)
Received: from mail2.paranoidlabs.org (tureis.comfix.cc [148.251.10.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FAFCC14F719 for <kitten@ietf.org>; Mon, 17 Oct 2022 15:46:25 -0700 (PDT)
Received: from [IPV6:2001:9e8:17fa:6500:a15e:60b0:d899:5a5e] (unknown [IPv6:2001:9e8:17fa:6500:a15e:60b0:d899:5a5e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail2.paranoidlabs.org (PlabsMail) with ESMTPSA id 31C0633F2AF; Mon, 17 Oct 2022 22:46:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dequbed.space; s=rsa-20210101; t=1666046778; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aXfRJM9HaqSqeBIs/NKN9Bm062vfK1/pzaiPauDVhCw=; b=OW/aX+TXx71gbjAlt5Y3Lh+i8t2+xrPQW23I6lIn6gaYugXD25rQd+7BOejJCRjL2LKzon NUdHFndmM/46Dk+gWHvmyO6/fY6RR1z2Y4OhFYV5+0vlTZeu9vcPEC6/qgr2XY8rfb1HEt FLC/y4zNEaXZV2iaaeFtv3L/S+tquw6NT6wJa/8HKXS6at5xAHN0Kt3AWDraCSzVQQbwJW PG+auhqA0geMJCFIqkgj9RAg7Oc7h9X+/3pJJl04L81EVBZC+d+TkWPthFzfdBpDHTpDI1 VMoGwKcPJuRDRgD2cZ0at8/aJtbsWU0mlUzjnSknPPzEqoDSxi/qBX9TVip5Tg==
Message-ID: <3a40eb7a-4bd7-bfe3-a7a8-0d123074fb09@dequbed.space>
Date: Tue, 18 Oct 2022 00:46:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.3
Content-Language: en-US
To: Rick van Rein <rick@openfortress.nl>
Cc: kitten@ietf.org
References: <e5a00d86-48a1-d602-0ee8-8cb80c06f826@dequbed.space> <20221014152512.GB7248@openfortress.nl>
From: Nadja von Reitzenstein Cerpnjak <me@dequbed.space>
In-Reply-To: <20221014152512.GB7248@openfortress.nl>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/fmLK9fOGbLFyzWeje4j9M1tWK6Y>
Subject: Re: [kitten] Request for review of a SASL mechanism using the OPAQUE aPAKE
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2022 22:46:32 -0000
Hello Rick, > Thanks for this specification! Since Stef (who implemented OPAQUE > for SASL) wrote a text before, I wonder if/how these attempts are > best integrated. > > https://github.com/stef/sasl-opaque I'm not quite sure. I've read Stef's draft and I feel like its somewhat orthogonal to mine; the encoding of the different OPAQUE messages (i.e. KE1, KE2 and KE3) are already defined in the OPAQUE draft. I think an area where my draft could however take from Stef's is regarding more meta usage information, e.g. around the registration abilities of OPAQUE. >> The values of client_identity and server_identity are set to: >> client_identity := client-first-message + "," + client_public_key >> server_identity := server-message-bare + "," + server_public_key > Are client_ and server_public_key binary? The I-D is unclear, it > generically says "encoded". If it's DER you cannot find the head in > backward direction. That's a good point. I could have sworn the OPAQUE draft defines what it means with 'encoded' but I seem to misremember. As the type and thus size of those keys is already known beforehand I think serializing them as 32-byte arrays as is done in the OPAQUE draft is the right approach, but I'll update my draft to make that explicit, thanks! >> The PLUS suffix is only used > "The -PLUS suffix is only used" (adding a dash) Thanks ^^ >> C: n,,n=user,r=<ke1> >> S: c=<cbdata>,i=<params>,v=<ke2> >> C: p=<ke3> > Are <ke1>, <ke2>, <ke3> binary or base64? Both work, of course. Base64, I've noted that in a section afterwards explaining all attributes but it's probably the right choice to make this example contain actual base64 data for clarification. >> 5.1. OPAQUE Attributes > I'm not sure that it is beneficial to define a family, if there is > one actual case for OPAQUE; but it is definitely a good idea to name > the attributes in the SASL mechanism. It should be relatively simple > to write a future spec saying "like the old one, but XXX is now YYY > while ZZZ is kept; the SASL mechname has become OPAQUE-XXX-ZZZ." > (A bit like DIGEST-MD5 which could have an alter ego in DIGEST-SHA384.) > > What I wonder is what value is added by declaring a family or group? > (It may exclude later improvements, which might travel along with an > algorithm update.) Initially I just considered making it a family the correct thing to do, as that would make it easier for future specifications to be build on top. But having thought about it a bit more and especially after Simon's mail I don't think it's the best way to do it; as both of you said there's no reason why a future specification couldn't define e.g. `OPAQUE-P256SHA` even when there isn't an OPAQUE mechanism family. And, as noted, that does mean those mechanisms can work very differently if necessary. So there isn't specific value added and when I finally get time to update my draft again I'll change it to not try to define a mechanism family. Thanks, Nadja
- [kitten] Request for review of a SASL mechanism u… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Simon Josefsson
- Re: [kitten] Request for review of a SASL mechani… Dave Cridland
- Re: [kitten] Request for review of a SASL mechani… Florian Schmaus
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Dave Cridland
- Re: [kitten] Request for review of a SASL mechani… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Alexey Melnikov