Re: [TLS] Should TLS 1.3 use an augmented PAKE by default?

Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 21 March 2014 20:39 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/8ZN_uvO24y-9dEezFStVTJl5SQA

>
> Even for IMAP, using PAKE, augmented or balanced, would give a
> significant amount of protection against MITMs who have compromised a
> CA.  Since compromising a CA seems to be a popular thing to do these
> days, resisting these attacks at the protocol level would add
> considerable value.
>
> --Andy
>

IMAP/SMTP is a great example where PAKE could add significant security: 
CA compromise is arguably rare, but coffee-shop captive portals that 
hijack IMAP/SMTP and present their own certificate are quite common. The 
user gets a message from their mail client asking if they will accept 
this certificate, and you can guess what they'll choose... Next thing 
you know, the password is sent in the clear to the server.

Thanks,
	Yaron