[saag] FW: [dnssd] I-D Action: draft-ietf-dnssd-pairing-00.txt
"Christian Huitema" <huitema@huitema.net> Thu, 27 October 2016 22:50 UTC
From: Christian Huitema <huitema@huitema.net>
To: 'Security Area Advisory Group' <saag@ietf.org>
References: <147759367305.24571.1901485379557644251.idtracker@ietfa.amsl.com>
In-Reply-To: <147759367305.24571.1901485379557644251.idtracker@ietfa.amsl.com>
Date: Thu, 27 Oct 2016 15:50:15 -0700
Message-ID: <051801d230a4$7cff6d90$76fe48b0$@huitema.net>
Cc: 'Tim Chown' <Tim.Chown@jisc.ac.uk>, daniel.kaiser@uni-konstanz.de, 'Ralph Droms' <rdroms.ietf@gmail.com>
This draft attempts to define a secure way to establish pairing between devices, resulting in a shared secret. The proposed solution combines discovery using DNS-SD, establishment of a TLS connection using [EC]DH ANON, extraction of a shared secret per RFC 5705, and visual verification of a short authentication string established using an application level "bit flipping" protocol. A similar process is used in ZRTP. The draft is developed in the internet area, but it can certainly benefit from review by the security area...

-- Christian Huitema

-----Original Message-----
From: dnssd [mailto:dnssd-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Thursday, October 27, 2016 11:41 AM
To: i-d-announce@ietf.org
Cc: dnssd@ietf.org
Subject: [dnssd] I-D Action: draft-ietf-dnssd-pairing-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Extensions for Scalable DNS Service Discovery of the IETF.

Title : Device Pairing Using Short Authentication Strings
Authors : Christian Huitema, Daniel Kaiser
Filename : draft-ietf-dnssd-pairing-00.txt
Pages : 20
Date : 2016-10-27

Abstract:
This document proposes a device pairing mechanism that establishes a relationship between two devices by agreeing on a secret and manually verifying the secret's authenticity using an SAS (short authentication string). Pairing has to be performed only once per pair of devices, as for a re-discovery at any later point in time, the exchanged secret can be used for mutual authentication. The proposed pairing method is suited for each application area where human operated devices need to establish a relation that allows configurationless and privacy preserving re-discovery at any later point in time. Since privacy preserving applications are the main suitors, we especially care about privacy.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnssd-pairing/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-dnssd-pairing-00

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
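The mechanism Christian summarizes above (keying material exported from an anonymous TLS session, fed into a short authentication string that both sides agree on through a commit-then-reveal exchange and then compare visually) as an added Python illustration. This is not code from the draft or its authors: the RFC 5705 exporter is modelled with HMAC-SHA256 over a stand-in master secret rather than a real TLS session, and the exporter label, message order, nonce sizes and six-digit SAS encoding are assumptions, not the draft's actual "bit flipping" messages.

```python
import hashlib
import hmac
import secrets

# Hypothetical exporter label; the draft's real label (if any) is not reproduced here.
SAS_LABEL = b"EXPERIMENTAL-pairing-sas"


def export_keying_material(master_secret: bytes, label: bytes,
                           context: bytes, length: int) -> bytes:
    """Stand-in for the RFC 5705 exporter (assumption: modelled as an HMAC-SHA256
    counter-mode expansion keyed with the session secret; a deployment would call
    its TLS library's exporter instead)."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(master_secret, label + context + bytes([counter]),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def commit(nonce: bytes) -> bytes:
    """Hash commitment sent before the nonce itself is revealed."""
    return hashlib.sha256(nonce).digest()


def verify_commitment(commitment: bytes, revealed_nonce: bytes) -> bool:
    """The receiver checks that the revealed nonce matches the earlier commitment."""
    return hmac.compare_digest(commitment, commit(revealed_nonce))


def short_auth_string(ekm: bytes, nonce_a: bytes, nonce_b: bytes, digits: int = 6) -> str:
    """SAS = f(exported secret, both nonces), rendered as a fixed-width decimal string."""
    mac = hmac.new(ekm, nonce_a + nonce_b, hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % (10 ** digits)
    return f"{value:0{digits}d}"


def run_pairing(secret_a: bytes, secret_b: bytes,
                nonce_a: bytes = None, nonce_b: bytes = None):
    """Simulate both endpoints and return (SAS shown on A, SAS shown on B).

    secret_a / secret_b are the session secrets each endpoint exports. They are
    equal when A and B share one TLS session; they differ when an intermediary
    terminates two separate anonymous sessions, which is exactly the case the
    visual SAS comparison is meant to detect."""
    nonce_a = nonce_a or secrets.token_bytes(16)
    nonce_b = nonce_b or secrets.token_bytes(16)
    ekm_a = export_keying_material(secret_a, SAS_LABEL, b"", 32)
    ekm_b = export_keying_material(secret_b, SAS_LABEL, b"", 32)

    # 1. A -> B: commitment to nonce_a (B learns only its hash at this point)
    commitment_a = commit(nonce_a)
    # 2. B -> A: nonce_b in the clear; B cannot steer the SAS, since nonce_a is fixed
    # 3. A -> B: reveal nonce_a; B verifies it against the stored commitment
    if not verify_commitment(commitment_a, nonce_a):
        raise ValueError("revealed nonce does not match commitment")

    sas_a = short_auth_string(ekm_a, nonce_a, nonce_b)
    sas_b = short_auth_string(ekm_b, nonce_a, nonce_b)
    return sas_a, sas_b


if __name__ == "__main__":
    # Constructed sample secrets, not real session values.
    direct = run_pairing(b"shared-session-secret", b"shared-session-secret")
    print("direct session  :", direct, "match" if direct[0] == direct[1] else "MISMATCH")
    relayed = run_pairing(b"session-secret-with-A", b"session-secret-with-B")
    print("relayed sessions:", relayed, "match" if relayed[0] == relayed[1] else "MISMATCH")
```

The commitment in step 1 is what makes the string meaningful: because each side fixes its nonce before seeing the other's, neither endpoint (nor anyone relaying between them) can pick a nonce that forces the two displayed strings to agree, and with two independent anonymous sessions the exported secrets differ, so the users see different digits. The check in `verify_commitment` is the part a receiver must never skip, since a peer that is allowed to reveal a nonce other than the committed one regains that freedom.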