Re: [TLS] Remarks on draft-shin-tls-augpake-01

SeongHan Shin <seonghan.shin@aist.go.jp> Wed, 05 February 2014 06:32 UTC

To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Cc: "tls@ietf.org" <tls@ietf.org>

Hi Ilari,

Thank you for your clarity and feedback.

>- What's the endian of bn2bin(X)? Big endian?
>- How are X and Y encoded on the wire? bn2bin?
The draft does not specify the above points because these depend on
implementations.

>- Maybe expand on consequences of terminating on invalid username
I think the current check on authenticators is fine.

>  (allowing probing of valid usernames)?
An orthodox way is to use DHE for encrypting usernames.
This will be added in the "Security Considerations" section.

Best regards,
Shin

On Tue, Feb 4, 2014 at 9:50 PM, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:

> On Tue, Feb 04, 2014 at 06:23:16PM +0900, SeongHan Shin wrote:
> > Hi Watson,
> >
> > Thank you for your comments!
> > A simple way to make AugPAKE to be group agnostic is to convert AugPAKE
> > to balanced one.
> > Of course, I need to think about other ways.
>
> I think Watson meant generalizing AugPAKE over arbitrary group with
> appropriate hardness properties. Especially elliptic-curve ones.
>
>
> I see nothing that wouldn't map in straightforward manner into elliptic
> curves and only bn2bin(X) that wouldn't map in straightforward manner
> to completely arbitrary group.
>
>
> As for the -1, 0, 1 check, that can be replaced with check that:
> a) The element is valid (e.g. nonzero or satisfies curve equation) AND
> b) The order of element has prime factor of at least q
>
> Those checks are quite cheap with most actually used elliptic curves.
>
>
> Also, some misc feedback:
> - What's the endian of bn2bin(X)? Big endian?
> - How are X and Y encoded on the wire? bn2bin?
> - Maybe expand on consequences of terminating on invalid username
>   (allowing probing of valid usernames)?
>
>
>
> -Ilari
>



-- 
------------------------------------------------------------------
SeongHan Shin
Research Institute for Secure Systems (RISEC),
National Institute of Advanced Industrial Science and Technology (AIST),
Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
Tel : +81-29-861-2670/5284
Fax : +81-29-861-5285
E-mail : seonghan.shin@aist.go.jp
------------------------------------------------------------------
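
The element check from the quoted message (valid element, order divisible by q) next to the "-1, 0, 1" check, plus a fixed-length big-endian wire encoding of the kind the bn2bin questions ask about, as an added example that is not part of the original message or the draft. It uses a multiplicative group modulo p with small constructed parameters and hypothetical function names; on an elliptic curve, (a) becomes the curve-equation test and (b) a cofactor multiplication.

```python
# Added example. All parameters are toy values constructed for illustration;
# none of them come from draft-shin-tls-augpake.

def encode_element(x: int, p: int) -> bytes:
    """Fixed-length big-endian encoding, left-padded to the byte length of p."""
    return x.to_bytes((p.bit_length() + 7) // 8, "big")

def decode_element(data: bytes, p: int) -> int:
    """Inverse of encode_element; rejects short or long encodings."""
    if len(data) != (p.bit_length() + 7) // 8:
        raise ValueError("wrong element length")
    return int.from_bytes(data, "big")

def trivial_check(x: int, p: int) -> bool:
    """The '-1, 0, 1' check: accept anything in range except 0, 1 and p-1."""
    return 0 <= x < p and x not in (0, 1, p - 1)

def order_check(x: int, p: int, q: int) -> bool:
    """(a) x is a valid nonzero residue and (b) q divides the order of x.

    Requires q prime with q | p-1 and q*q not dividing p-1. Then q divides
    ord(x) exactly when x^((p-1)/q) != 1 mod p.
    """
    if (p - 1) % q != 0 or ((p - 1) // q) % q == 0:
        raise ValueError("q must divide p-1 exactly once")
    if not 0 < x < p:
        return False
    return pow(x, (p - 1) // q, p) != 1

def disagreements(p: int, q: int) -> list:
    """Elements on which the two checks give different answers."""
    return [x for x in range(p) if trivial_check(x, p) != order_check(x, p, q)]

if __name__ == "__main__":
    # Safe prime p = 2q + 1: only orders 1, 2, q, 2q exist, so the checks agree.
    print("p=23, q=11:", disagreements(23, 11))
    # p - 1 = 2 * 3 * 7: elements of order 3 and 6 pass the trivial check
    # but are confined to a small subgroup.
    print("p=43, q=7: ", disagreements(43, 7))
    # Both peers must agree on length and byte order before hashing or sending.
    print(encode_element(258, 65537).hex())
```
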