[saag] FW: [dnssd] I-D Action: draft-ietf-dnssd-pairing-00.txt

"Christian Huitema" <huitema@huitema.net> Thu, 27 October 2016 22:50 UTC

From: Christian Huitema <huitema@huitema.net>
To: 'Security Area Advisory Group' <saag@ietf.org>
References: <147759367305.24571.1901485379557644251.idtracker@ietfa.amsl.com>
In-Reply-To: <147759367305.24571.1901485379557644251.idtracker@ietfa.amsl.com>
Date: Thu, 27 Oct 2016 15:50:15 -0700
Message-ID: <051801d230a4$7cff6d90$76fe48b0$@huitema.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5qcLM8BRrNxvKOuhA0N1th2etGk>
Cc: 'Tim Chown' <Tim.Chown@jisc.ac.uk>, daniel.kaiser@uni-konstanz.de, 'Ralph Droms' <rdroms.ietf@gmail.com>
Subject: [saag] FW: [dnssd] I-D Action: draft-ietf-dnssd-pairing-00.txt

This draft attempts to define a secure way to establish pairing between
devices, resulting in a shared secret. The proposed solution combines
discovery using DNS-SD, establishment of a TLS connection using [EC]DH ANON,
extraction of a shared secret per RFC 5705, and visual verification of a
short authentication string established using an application level "bit
flipping" protocol. A similar process is used in ZRTP. The draft is
developed in the internet area, but it can certainly benefit from review by
the security area...

-- Christian Huitema
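The commit-then-reveal SAS derivation described above, as an added Python sketch that is not code from the draft or its authors: random bytes stand in for the RFC 5705 exporter output, the commitment scheme, label and 20-bit SAS length are assumptions (the draft's actual bit-flipping encoding is not reproduced), and the two scenarios show why the displayed strings agree over one anonymous-DH session but disagree when two separate sessions are relayed.

```python
import hashlib
import hmac
import secrets

SAS_HEX_CHARS = 5  # 20-bit SAS; assumed length for this demo


class Device:
    # One pairing endpoint; `ekm` stands in for the RFC 5705 exported keying material.
    def __init__(self, ekm):
        self.ekm = ekm
        self.nonce = secrets.token_bytes(16)  # this side's random SAS contribution

    def commit(self):
        # Phase 1: send H(nonce); the peer learns nothing yet but we are bound to it.
        return hashlib.sha256(self.nonce).digest()

    def reveal(self):
        # Phase 2: only after both commitments have crossed the wire.
        return self.nonce

    def sas(self, peer_commit, peer_nonce):
        # A reveal that does not match the earlier commitment means the peer
        # chose its contribution after seeing ours: abort the pairing.
        if not hmac.compare_digest(hashlib.sha256(peer_nonce).digest(), peer_commit):
            raise ValueError("peer contribution does not match its commitment")
        lo, hi = sorted([self.nonce, peer_nonce])  # canonical order, same on both ends
        mac = hmac.new(self.ekm, b"dnssd-pairing-sas" + lo + hi, hashlib.sha256).digest()
        return mac.hex()[:SAS_HEX_CHARS]


def run_pairing(ekm_a, ekm_b):
    """Exchange commitments, then reveals; return the SAS each device displays."""
    a, b = Device(ekm_a), Device(ekm_b)
    commit_a, commit_b = a.commit(), b.commit()  # both commitments go first
    return a.sas(commit_b, b.reveal()), b.sas(commit_a, a.reveal())


def direct_session():
    # Honest case: a single TLS session, so both ends export the same keying material.
    ekm = secrets.token_bytes(32)
    return run_pairing(ekm, ekm)


def relayed_sessions():
    # Anonymous DH cannot stop a middle from terminating two sessions; their
    # exporter outputs differ, so the strings the humans compare do not match.
    return run_pairing(secrets.token_bytes(32), secrets.token_bytes(32))
```

The visual comparison is the only authentication step, so the SAS must be derived from the session's exporter output and not from the nonces alone.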

-----Original Message-----
From: dnssd [mailto:dnssd-bounces@ietf.org] On Behalf Of
internet-drafts@ietf.org
Sent: Thursday, October 27, 2016 11:41 AM
To: i-d-announce@ietf.org
Cc: dnssd@ietf.org
Subject: [dnssd] I-D Action: draft-ietf-dnssd-pairing-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Extensions for Scalable DNS Service
Discovery of the IETF.

        Title           : Device Pairing Using Short Authentication Strings
        Authors         : Christian Huitema
                          Daniel Kaiser
        Filename        : draft-ietf-dnssd-pairing-00.txt
        Pages           : 20
        Date            : 2016-10-27

Abstract:
   This document proposes a device pairing mechanism that establishes a
   relationship between two devices by agreeing on a secret and manually
   verifying the secret's authenticity using an SAS (short
   authentication string).  Pairing has to be performed only once per
   pair of devices, as for a re-discovery at any later point in time,
   the exchanged secret can be used for mutual authentication.

   The proposed pairing method is suited for each application area where
   human operated devices need to establish a relation that allows
   configurationless and privacy preserving re-discovery at any later
   point in time.  Since privacy preserving applications are the main
   suitors, we especially care about privacy.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnssd-pairing/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-dnssd-pairing-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
