Re: [kitten] SPAKE Preauth

Benjamin Kaduk <kaduk@MIT.EDU> Sat, 02 May 2015 18:15 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 796721A8A96 for <kitten@ietfa.amsl.com>; Sat, 2 May 2015 11:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D19xSgam1_wj for <kitten@ietfa.amsl.com>; Sat, 2 May 2015 11:15:34 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AAD61A8A95 for <kitten@ietf.org>; Sat, 2 May 2015 11:15:33 -0700 (PDT)
X-AuditID: 1209190d-f79676d000000da0-b7-554514435147
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 79.6B.03488.34415455; Sat, 2 May 2015 14:15:31 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id t42IFVh8011199; Sat, 2 May 2015 14:15:31 -0400
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t42IFSKr022033 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 2 May 2015 14:15:30 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id t42IFSIl010018; Sat, 2 May 2015 14:15:28 -0400 (EDT)
Date: Sat, 2 May 2015 14:15:28 -0400 (EDT)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Nathaniel McCallum <npmccallum@redhat.com>
In-Reply-To: <1430515954.2514.17.camel@redhat.com>
Message-ID: <alpine.GSO.1.10.1505021412500.22210@multics.mit.edu>
References: <1430138754.2682.10.camel@redhat.com> <553FA2B3.8030301@mit.edu> <alpine.GSO.1.10.1504281531500.22210@multics.mit.edu> <20150501211503.GA10065@localhost> <1430515138.2514.10.camel@redhat.com> <20150501212321.GC10065@localhost> <1430515623.2514.16.camel@redhat.com> <20150501213055.GD10065@localhost> <1430515954.2514.17.camel@redhat.com>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpmleLIzCtJLcpLzFFi42IR4hTV1nUWcQ01mLHG3OLo5lUsFqeuHWGz mPt1FqsDs8fLU+cYPZYs+cnk8X7fVbYA5igum5TUnMyy1CJ9uwSujE8nrzMWfGKtWHDhPVMD 4x2WLkYODgkBE4m7T/K7GDmBTDGJC/fWs3UxcnEICSxmkvi9+xWUs4FR4n/zXVYI5yCTxOKm JiaQFiGBeolNn/eC2SwCWhInt05jBrHZBFQkZr7ZyAZiiwjoSSzbN4ERxGYW8JN4e+o8WFxY QFni7KtT7CA2p4CRxLSuJ2BzeAUcJTov9jFDLHvMJPH28DOwZlEBHYnV+6ewQBQJSpyc+YQF YqiWxPLp21gmMArOQpKahSS1gJFpFaNsSm6Vbm5iZk5xarJucXJiXl5qka6RXm5miV5qSukm RnD4SvLuYHx3UOkQowAHoxIP7wctl1Ah1sSy4srcQ4ySHExKorx3/wKF+JLyUyozEosz4otK c1KLDzFKcDArifB2M7uGCvGmJFZWpRblw6SkOViUxHk3/eALERJITyxJzU5NLUgtgsnKcHAo SfCaCQM1ChalpqdWpGXmlCCkmTg4QYbzAA2PB6nhLS5IzC3OTIfIn2LU5bgz5f8iJiGWvPy8 VClx3gSQIgGQoozSPLg5sLTzilEc6C1h3k6QKh5gyoKb9ApoCRPQkgP1LiBLShIRUlINjPVF HernJd8vldXj22Xy6/jeiNDVvaFf/X/f5KtPzqzaGn7lze64NIszz2UObfz7Resgo7Sa0b9N /HPuLv6Wyan56uuLrtXTxCV/P6qZeF0j5nDuPr/IXV+tDG/FHmYR5Pu/ZavXsoTFZ7gmbtpc dPve728JzxZsnBno6bnDvfCQ5DmpmQ5109mVWIozEg21mIuKEwGubmQPFgMAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/rxrezk7ivIZvkLvHce5-BILAxr8>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] SPAKE Preauth
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 May 2015 18:15:35 -0000

On Fri, 1 May 2015, Nathaniel McCallum wrote:

> On Fri, 2015-05-01 at 16:30 -0500, Nico Williams wrote:
> >
> > Any OTPs that require continuation then result in this leak.  This
> > has
> > to be documented, since avoiding this leak is a core feature of this
> > protocol.
>
> Correct. Is the current warning insufficient? It is my understanding
> this is spelled out in the security considerations section.

I think I already mentioned this in my earlier comments, but I think that
mentioning more prominently in the introduction the goal of not leaking
which factor was incorrect, with the caveat about continuation messages
losing this property, would be an improvement to just mentioning it in the
security considerations.

-Ben