Re: [kitten] SPAKE Preauth

Nathaniel McCallum <> Mon, 04 May 2015 15:25 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 27C9F1A1EF3 for <>; Mon, 4 May 2015 08:25:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.91
X-Spam-Status: No, score=-5.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id S9CCRXE8lIih for <>; Mon, 4 May 2015 08:25:52 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E45E61A1BDD for <>; Mon, 4 May 2015 08:25:51 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPS id 984C98F024; Mon, 4 May 2015 15:25:51 +0000 (UTC)
Received: from ( []) by (8.14.4/8.14.4) with ESMTP id t44FPoqa001692 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 4 May 2015 11:25:51 -0400
Message-ID: <>
From: Nathaniel McCallum <>
To: Ken Hornstein <>
Date: Mon, 04 May 2015 11:25:50 -0400
In-Reply-To: <>
References: <>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on
Archived-At: <>
Subject: Re: [kitten] SPAKE Preauth
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 04 May 2015 15:25:53 -0000

On Mon, 2015-05-04 at 10:40 -0400, Ken Hornstein wrote:
> > Essentially, the answer is different whether OTP is supposed to be 
> > the
> > first (and only) authentication factor, or a second factor to be 
> > used in
> > conjunction with a password.
> See, I think you've got the question all wrong.  My question is NOT,
> "Is OTP supposed to be the only authentication factor?", it's, "Which
> protocol is it actually possible for me to deploy successfully?"

I believe the tension you are seeing here is the result of
commoditization of 2FA. Early on, 2FA systems were entirely parallel
authentication stacks which authenticators would need to integrate
with. As 2FA commoditized, we see open protocols which can be
integrated into existing authentication stacks.

Pre-commiditized 2FA is the context of RFC 6560. There is no attempt
here to use the existing 1FA infrastructure of Kerberos. RFC 6560 is
just a fancy method for passing credentials in cleartext through
Kerberos protected by FAST. The KDC then passes these credentials
directly to the parallel authentication stack. It is the HTTPS Basic
Auth of the Kerberos world.

However, after 2FA commoditized the question becomes how can I augment
my existing authentication stack (1FA Kerberos) with a 2FA method.
This is what SPAKE Preauth provides.

Now, I think your questions here raise an interesting point: can and
should we require some standardization to use the 2FA feature of SPAKE
preauth? I think the answer is no. And I've come to think that the
SPAKESecondFactor type field should really be OBJECT IDENTIFIER.