Re: [TLS] I-D Action: draft-ietf-tls-pwd-04.txt

"Dan Harkins" <dharkins@lounge.org> Fri, 28 March 2014 22:55 UTC

Message-ID: <dd67ab76dee19a82a0dfcdaa6512b905.squirrel@www.trepanning.net>
In-Reply-To: <CACsn0c==pRzDKd7G=eAhds=o9qexqe9Jb3DgNC9gzh-6xaKcAQ@mail.gmail.com>
References: <20140328195334.19328.19928.idtracker@ietfa.amsl.com> <CACsn0c==pRzDKd7G=eAhds=o9qexqe9Jb3DgNC9gzh-6xaKcAQ@mail.gmail.com>
Date: Fri, 28 Mar 2014 15:55:28 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Watson Ladd <watsonbladd@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/6VufyrGbl4q_SOmDOC27kUREvHA
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-pwd-04.txt

On Fri, March 28, 2014 2:49 pm, Watson Ladd wrote:
> On Fri, Mar 28, 2014 at 3:53 PM,  <internet-drafts@ietf.org> wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>  This draft is a work item of the Transport Layer Security Working Group
>> of the IETF.
>>
>>         Title           : Secure Password Ciphersuites for Transport
>> Layer Security (TLS)
>>         Authors         : Dan Harkins
>>                           Dave Halasz
>>         Filename        : draft-ietf-tls-pwd-04.txt
>>         Pages           : 35
>>         Date            : 2014-03-28
>
> Why should we trust this PAKE? I've got only partial results in this
> direction, but they are not sufficient for me to adopt it when better
> validated alternatives exist like those based on distrustful MPC.

  I'm not sure what you mean by "we" but it got quite a bit of review
in CFRG and that resulted in fixing the only real technical issue brought
up: potential for a side-channel attack. Scott Fluhrer came up with a
way to do a random blinding of a value when checking whether it's a
quadratic residue that effectively addresses that concern.

  These ciphersuites are drop-in replacements for things like PSK
ciphersuites, not for popular ones used in browsers. In fact, I agree
with several on this list who are pointing out that using a PAKE in a
browser is not a good idea.

  If you're happy doing cert-based TLS, or happy with HTTP Digest
authentication (or whatever) then these are not for you. But the entirety
of networking is not "the web" and these ciphersuites work well with
some specific use cases (see the draft).

  regards,

  Dan.
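The blinded quadratic-residue check Dan refers to above, written out as an added Python example (this is not code from the draft, from its authors, or from Scott Fluhrer). A Dragonfly-style PAKE has to decide, for each password-derived candidate x, whether x^3 + a*x + b is a square mod p; computing the Legendre symbol directly on that value leaks timing and cache information about it. The fix is to test x*r^2 for a fresh random r, and on a coin flip also multiply by a public non-residue: r^2 preserves residuosity and the non-residue inverts it, so the exponentiation runs over a uniformly random value while the caller still learns the answer for x. The prime (the Curve25519 field prime), the non-residue and the sample inputs are constructed for illustration; the draft's ciphersuites use NIST curves, and the technique does not depend on which curve is used.

```python
"""Blinded quadratic-residue test used to harden a PAKE's hunting-and-pecking loop.

Added example; prime, constants and sample inputs are constructed, not the draft's.
"""
import secrets

# Constructed sample field prime (2^255 - 19). Any odd prime works the same way.
P = 2**255 - 19


def legendre(a, p):
    """Euler's criterion: 1 if a is a non-zero square mod p, p-1 if it is not, 0 if a == 0."""
    return pow(a % p, (p - 1) // 2, p)


def find_qnr(p):
    """Smallest quadratic non-residue mod p. Public and computed once at setup,
    so this search leaks nothing about any password-derived value."""
    c = 2
    while legendre(c, p) != p - 1:
        c += 1
    return c


QNR = find_qnr(P)  # 2 for this prime, since 2^255 - 19 == 5 (mod 8)


def is_qr_unblinded(x, p):
    """Direct test: the exponentiation operates on x itself, so its timing and
    memory access pattern depend on the secret-derived input. Shown for contrast."""
    return legendre(x, p) == 1


def is_qr_blinded(x, p, qnr):
    """Blinded test. Multiply x by a random square r^2 (keeps residuosity) and,
    on a coin flip, by the public non-residue (inverts it). The Legendre
    computation then sees a value independent of x; the flip bit tells us how
    to read the result."""
    r = secrets.randbelow(p - 1) + 1  # r uniform in [1, p-1]
    v = (x * r * r) % p
    flip = secrets.randbelow(2)
    if flip:
        v = (v * qnr) % p
    ls = legendre(v, p)
    if ls == 0:
        # x == 0: never a usable square; a real implementation rejects this candidate separately.
        return False
    return (ls == p - 1) if flip else (ls == 1)


def candidate_x_yields_point(x, a, b, p, qnr):
    """Hunting-and-pecking step: does the candidate x give a point on y^2 = x^3 + a*x + b?
    Only the blinded test is applied to the password-derived right-hand side."""
    rhs = (pow(x, 3, p) + a * x + b) % p
    return is_qr_blinded(rhs, p, qnr)


if __name__ == "__main__":
    # Constructed sample values: 4 is a square, 2 is a non-residue mod P.
    print(is_qr_blinded(4, P, QNR), is_qr_blinded(2, P, QNR))
    # With a = b = 0, x^3 is a square exactly when x is, so this mirrors the checks above.
    print(candidate_x_yields_point(4, 0, 0, P, QNR), candidate_x_yields_point(2, 0, 0, P, QNR))
```

The coin flip and r are fresh randomness, not secrets derived from the password, so branching on `flip` in this illustration is acceptable; a production implementation would still select with constant-time masks rather than `if`, and would fix the number of loop iterations in the surrounding hunting-and-pecking loop so that the iteration count does not leak either.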