Re: [kitten] SPAKE Preauth

Nathaniel McCallum <npmccallum@redhat.com> Sat, 02 May 2015 02:25 UTC

Message-ID: <1430533498.2720.3.camel@redhat.com>
From: Nathaniel McCallum <npmccallum@redhat.com>
To: Nico Williams <nico@cryptonector.com>
Date: Fri, 01 May 2015 22:24:58 -0400
In-Reply-To: <20150501222257.GE10065@localhost>
References: <1430138754.2682.10.camel@redhat.com> <20150501212003.GB10065@localhost> <1430515444.2514.14.camel@redhat.com> <20150501222257.GE10065@localhost>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/n5p8muUowwEiDz5RTGp7wkhOU9k>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] SPAKE Preauth

On Fri, 2015-05-01 at 17:22 -0500, Nico Williams wrote:
> On Fri, May 01, 2015 at 05:24:04PM -0400, Nathaniel McCallum wrote:
> > On Fri, 2015-05-01 at 16:20 -0500, Nico Williams wrote:
> > > There should be a generic OTP 2nd factor type for user-input OTPs.
> > > 
> > > There should also be a generic OTP 2nd factor for plug-in/NFC-type OTPs.
> > > 
> > > For a generic OTP 2nd factor for user-input OTPs the 'data' in the
> > > AS->client second pass should be a UTF8String, or just UTF-8.
> > > 
> > > It's important to define such generic OTP 2nd factors because they
> > > are quite popular.
> > 
> > I plan to create separate standards for OATH and U2F.
> 
> Is there any reason that a generic one couldn't be specified here?

Speaking for myself, I want to create a high-quality integrated
experience, not a generic one. I would prefer picking one open
standard (such as OATH) and getting the details right. This is
somewhat hard for me to quantify, but it arises from my experience
implementing RFC 6560.

Nathaniel