Re: [saag] Perfect Forward Secrecy vs Forward Secrecy
"Hao, Feng" <Feng.Hao@warwick.ac.uk> Wed, 18 March 2020 17:16 UTC
Return-Path: <Feng.Hao@warwick.ac.uk>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 990D93A18FF for <saag@ietfa.amsl.com>; Wed, 18 Mar 2020 10:16:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NskRRkUlC-K for <saag@ietfa.amsl.com>; Wed, 18 Mar 2020 10:16:54 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2065.outbound.protection.outlook.com [40.107.22.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A00723A18F9 for <saag@ietf.org>; Wed, 18 Mar 2020 10:16:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZupDUXAJ1+VzyyCo0uWbEnfi27QfOEpj9QpxpZ9y84m33MrqJ3pEo03WEHPPSiZTomOI758fJbCrmXM9Wd9WWuNZtmqJclkT7GWza4cBYO4PAgtSggQyIuYEnDq673buKFIqOxqnrnC0/9Hdj2Qy/4Bjy8bGwOx3a7Gust3b0LPg6qD2sCACen3DcfQvG7ev0i66a5KHjRu8iupfUZijw64A6AIISUrs24Nrvqmr8emmSa8YYv5RZmNTPxiEbS+7ZInjP4Rk1Dok4EgNioYgp8y4njUyaOf3mokiqqayTOD5hdUK5Z45CuCzsUBGWVBVWfZsjvuOcYQuS8RuIvOyCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=E9tej+1mv0TUR8zLhkNtIHbsi3T4jnMlMCMT0xgq7gg=; b=dJOWIVZvrhraGpv9dE3XkUWewGvzzf77SOVyScRui3GpNmjLDzRiLy4hJAg9DEMJs8GN6fvq2hv7xzTP6SowscSQqLuggrMLcRwwPUfM+zany79svuYEnTzbQVI84xEeZqHkOih3FxznyP3BFOGutHIS4GaKr7Y9Uwv2ajKnirSnoj14YPzkFPPLIgIpHVWqNSVvNe1s2yjdpwKwod9s/ojZGclQujEb2jDFnohpW99snkHWgjlXUhqPdPHVUOQ9KAAuGNQtyVCh/Y6itKTjOfd4MauRBpgXgyv/Bge2CVNBnlENMcnjY1qr12GiYqlXBmopzaRikDthxK0A3PKg7g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=warwick.ac.uk; dmarc=pass action=none header.from=warwick.ac.uk; dkim=pass header.d=warwick.ac.uk; arc=none
Received: from DB7PR01MB5435.eurprd01.prod.exchangelabs.com (20.178.104.28) by DB7PR01MB4774.eurprd01.prod.exchangelabs.com (20.177.122.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.18; Wed, 18 Mar 2020 17:16:51 +0000
Received: from DB7PR01MB5435.eurprd01.prod.exchangelabs.com ([fe80::8586:99b1:9fc5:9a93]) by DB7PR01MB5435.eurprd01.prod.exchangelabs.com ([fe80::8586:99b1:9fc5:9a93%7]) with mapi id 15.20.2835.017; Wed, 18 Mar 2020 17:16:51 +0000
From: "Hao, Feng" <Feng.Hao@warwick.ac.uk>
To: Nico Williams <nico@cryptonector.com>, Robert Moskowitz <rgm-sec@htt-consult.com>
CC: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Perfect Forward Secrecy vs Forward Secrecy
Thread-Index: AQHV/TKuVIynJFZorEOTviReKuT/F6hObiUAgAABcQCAABI5gIAAFdEA
Date: Wed, 18 Mar 2020 17:16:51 +0000
Message-ID: <949B71B6-87CD-4AF1-A7F7-7CC196CCA2ED@warwick.ac.uk>
References: <7231a98e-e4a2-55c9-3a51-d62886d7d061@htt-consult.com> <F318A864-CC99-47F7-BEFF-608F93AEB451@akamai.com> <89121466-d091-5f22-a053-a2a618946908@htt-consult.com> <20200318155843.GH18021@localhost>
In-Reply-To: <20200318155843.GH18021@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.13.200210
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Feng.Hao@warwick.ac.uk;
x-originating-ip: [86.1.47.16]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8a479765-b7c3-4b52-cc6a-08d7cb602639
x-ms-traffictypediagnostic: DB7PR01MB4774:
x-microsoft-antispam-prvs: <DB7PR01MB4774AA034D688B8DCF13D329D6F70@DB7PR01MB4774.eurprd01.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 03468CBA43
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(39860400002)(366004)(346002)(136003)(376002)(199004)(71200400001)(86362001)(6486002)(6512007)(2906002)(5660300002)(91956017)(76116006)(966005)(66446008)(66476007)(64756008)(66946007)(66556008)(33656002)(36756003)(6506007)(53546011)(478600001)(110136005)(786003)(316002)(4326008)(26005)(186003)(2616005)(81156014)(81166006)(8936002)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR01MB4774; H:DB7PR01MB5435.eurprd01.prod.exchangelabs.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: warwick.ac.uk does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ydlA861wAbz9xvfeaNg5IgQphKoSdZo3C7sXrwWaYVo99PbPlWT0k7Ak2cq1wF4GXiqUU1lHB9PZ8LMGCi+SuH30n2parbcKx85O2DKFxPEe7fckZCV8ymZOl4pW9Ky2Sx0j0U02EieLvWIysOaAO6pkQVTWDprjD5LUVwi2Bl2UO/69Itwd6HH5XZLEeBO4pg7+zpO0el/24Yemhr39lNF0E1h4Hce3n/1iQJnJIIzRW7C3KKAbY4JgUh1lk6UZIENY8vmJASPwevr5B2cFw6EFtSV6O1WKWNMok0G2Cr/2eJJY5lA8egebxZpXkpd32J/FzODaO8KoQXyZHmspKeg1gfxtJ5hJ/iShGuMhfaW+rZ0qGSsJgqYF9EFo3gbk9hpvRCR+jfYJ0o4eOtW9lXUH/aCYOayHPqEABW6y53vdKO60N2XZpiqYpAcfLu0d4nSRoMaylI1Jh/WX2wI4WrBEmnUwOt2+GU1kqdD+XvYjQl1f06AK5nEPVJo2qplJkFVTuXJM61PTgo7f6haKZg==
x-ms-exchange-antispam-messagedata: ks1c/EIDinKKBx0892uY5GOIUBTDKJ65OJ7faqOK0v/pt3ExgbzYyHKDvLO/4rX/dzXE+PQrnGrzjF3linYsc/9RbZj35gVfiFDV4dIWLRaYX7oh+2hCcZkbxR0viHj91DJBPhArlb0SaUTr+60wNg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <FB3AC4E3BA006349BB5E03D5EC77C12B@eurprd01.prod.exchangelabs.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: warwick.ac.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: 8a479765-b7c3-4b52-cc6a-08d7cb602639
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Mar 2020 17:16:51.0497 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 09bacfbd-47ef-4465-9265-3546f2eaf6bc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: R7cR+TJXxLAR+lwO9E27fCG1Y0JfCktcrrhyIrGIeAAS5640AmThqCgGqyOaiUbFbY5JTocPEVZzlvlSWP6idFzUowcZQmT+gWrrQOuMXrY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR01MB4774
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/8WOP6d0482uu7B7UVtq9kNWt2w8>
Subject: Re: [saag] Perfect Forward Secrecy vs Forward Secrecy
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Mar 2020 17:16:56 -0000
The use of PFS is very prevalent in the past literature on key exchange. In 2010, when I was working on the YAK protocol [1], I did wonder why the term PFS was used everywhere despite that the word "perfect" obviously has no concreate meaning. At the time I found the very few papers that suggest the word "perfect" in PFS is redundant are MQV papers (1998, and the later 2003 journal version). In [1], I explicitly dropped the word "perfect" from PFS as it really has no concrete meaning. But within the context of the protocol that I was designing, I defined half/full forward secrecy to explicitly distinguish the two cases that when one or both parties' static keys are compromised. [1] https://eprint.iacr.org/2010/136.pdf Cheers, Feng On 18/03/2020, 15:59, "saag on behalf of Nico Williams" <saag-bounces@ietf.org on behalf of nico@cryptonector.com> wrote: On Wed, Mar 18, 2020 at 10:53:32AM -0400, Robert Moskowitz wrote: > On 3/18/20 10:48 AM, Salz, Rich wrote: > > Was the person who asked you to make the change a security person? > > A Sec AD. > > > Can you ask them for a rationale? > > His preference as, "perfection is hard to attain." The switch from calling it PFS to just FS came a long time ago -- I don't recall exactly, but it feels like roughly a decade ago. I'm not sure why, and "perfection is hard to attain" does seem a bit silly considering PFS is a term of art, but then, our terms of art get used by snake oil salespeople. Not that making one term of art harder to repurpose for snake oil sales -if that was the intent- will make much of a dent. But as you note, this ship has sailed. Nico -- _______________________________________________ saag mailing list saag@ietf.org https://www.ietf.org/mailman/listinfo/saag
- [saag] Perfect Forward Secrecy vs Forward Secrecy Robert Moskowitz
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Salz, Rich
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Robert Moskowitz
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Christopher Wood
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Salz, Rich
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Nico Williams
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Dan Brown
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Nico Williams
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Mark D. Baushke
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Jon Callas
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Eric Rescorla
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Christopher Wood
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Nico Williams
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Hao, Feng
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Eric Rescorla
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Nico Williams
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Dan Brown
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Benjamin Kaduk
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… Robert Moskowitz
- Re: [saag] Perfect Forward Secrecy vs Forward Sec… John Mattsson