Re: [TLS] Fwd: New Version Notification for draft-barnes-tls-pake-04.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 20 July 2018 02:55 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4537013104A for <tls@ietfa.amsl.com>; Thu, 19 Jul 2018 19:55:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ktjmONyPRbw for <tls@ietfa.amsl.com>; Thu, 19 Jul 2018 19:55:52 -0700 (PDT)
Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14F8C13103F for <tls@ietf.org>; Thu, 19 Jul 2018 19:55:52 -0700 (PDT)
Received: by mail-io0-x243.google.com with SMTP id z20-v6so8812558iol.0 for <tls@ietf.org>; Thu, 19 Jul 2018 19:55:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=ZovJC2gN5QLZIRJYPthcx/b+3LHviYRCn4ilK17/Puk=; b=p8gLg3f/VNewEHD/RXsG0ZlH4LOi6yRM+oykiB0644mfnk/JHflbQsk+eVmn40vCKo ESVdD2Pq7QNU9p2xiHpom0gQegZTGG/RP1MjOI/nBc3FhZuUoKF3BnE5mC61JAhGBazD Vf/TO7jha/LXTK6uXXv3JoJmyc5OgEbVl+NUfM7y7MZglfC1ur6wTlx8cibiBjIw8bdJ a6HqhvElyWYDcn+Kd8oB4j+aRzB4gbF1vmLSgGtTPnprgRYgcR4R1w/VZROflvD+IPXP +p10YNo7ULlCWapY6KOXB3myXDxtPcYwMRSoCXNdEwZydpamKUsdG71zzBkMWT0Fg6fp 2zdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ZovJC2gN5QLZIRJYPthcx/b+3LHviYRCn4ilK17/Puk=; b=C49lnwjqhrTSUb8ZdwQSgy/e5cUvFBXzXxNdSOMvxH3J2GdH5rQdx2fXI1TgcwJdGk aW6Ejr8m35Gu6V+WziolXmsWrbo/ztTiw7wltuxKn4Tq8ukoOnusVAf+MuzR1G+mBCPb 40IKFAvCGhOG0LIRQ2pV4s/hOCQ/YfosFm30ajcUpwwsp0Vdrh5uH268cx8l0b1wsMlc +Xu18suXYlc8I+fyi5WeT2UsaXC2o44CcnM8Z9bHq1sZJ7wf64YQ0ssbgTdKl0DpEwzJ algNG+xH1LUu7+S/M6IWU5jzLf3F+8+VxyMG4PU2hnw+oIV1Vv27Sf1WwZ2d7ynUqQfN xwPQ==
X-Gm-Message-State: AOUpUlFfxsVNlKmKAeuoPBFv7NAUwNHfeVPLcJ2T+dhHehzuX1YysLpR xxY3pm5GgyRN5y7tMMfCm5sD4U1bA8g=
X-Google-Smtp-Source: AAOMgpcNUPsyrB70n4ied6ydF6A2jf7gqFZMzBFOuNYVp3pxnAIDmyHU8AAlrhhAoPivkwN1Nb9MMA==
X-Received: by 2002:a6b:8828:: with SMTP id k40-v6mr186445iod.68.1532055351250; Thu, 19 Jul 2018 19:55:51 -0700 (PDT)
Received: from [172.20.5.95] ([207.115.103.227]) by smtp.gmail.com with ESMTPSA id u12-v6sm601108ita.1.2018.07.19.19.55.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Jul 2018 19:55:50 -0700 (PDT)
To: Tim Hollebeek <tim.hollebeek@digicert.com>, Hugo Krawczyk <hugo@ee.technion.ac.il>, Richard Barnes <rlb@ipv.sx>
Cc: "<tls@ietf.org>" <tls@ietf.org>
References: <153176915207.21824.6939177297174810137.idtracker@ietfa.amsl.com> <CAL02cgTYN=rQo8_ZiENs4ByWErgPn-u7x8pw9rePpZzhqFhwMQ@mail.gmail.com> <CADi0yUO4Th43FF+XVJQ1Tvsv_bmJJTWkNo2WYZ-jn8kBfGiSsA@mail.gmail.com> <BN6PR14MB1106CA7FAAFBDE414FF4A6BE83520@BN6PR14MB1106.namprd14.prod.outlook.com>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <95483aa1-710a-4e05-c131-09e467999524@gmail.com>
Date: Thu, 19 Jul 2018 22:55:48 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <BN6PR14MB1106CA7FAAFBDE414FF4A6BE83520@BN6PR14MB1106.namprd14.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BMX0ksMDDQQ7odYSdUAxjf78eWE>
Subject: Re: [TLS] Fwd: New Version Notification for draft-barnes-tls-pake-04.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jul 2018 02:55:56 -0000
I strongly support this work. Also, having made this mistake myself in the past: please make sure that we have one fully specified PAKE in this document, and not only a generic envelope. This will ensure that TLS libraries have at least one working, and interoperable, PAKE, Thanks, Yaron On 19/07/18 10:10, Tim Hollebeek wrote: > Unfortunately, I haven’t had time to review the document, but +1 for > interesting problem, and +1 for anything Richard writes as a good > starting point, even if I haven’t read it. > > -Tim > > *From:* TLS <tls-bounces@ietf.org> *On Behalf Of *Hugo Krawczyk > *Sent:* Wednesday, July 18, 2018 7:13 PM > *To:* Richard Barnes <rlb@ipv.sx> > *Cc:* <tls@ietf.org> <tls@ietf.org> > *Subject:* Re: [TLS] Fwd: New Version Notification for > draft-barnes-tls-pake-04.txt > > +1 for this work. > > If you are one of those that think, as I did 20 years ago, that password > authentication is dying and practical replacements are just around the > corner, do not support this document. Otherwise, please do. > > Asymmetric or augmented PAKE (aPAKE) protocols provide secure password > authentication in the common client-server case (where the server stores > a one-way mapping of the password) without relying on PKI - except > during user/password registration. Passwords remain secure regardless of > which middleboxes or endpoints spy into your decrypted TLS streams. The > server never sees the password, not even during password registration. > > To see real deployment of such protocols, they need to be integrated > with TLS which is what Barnes's draft facilitates. Not only this improve > significantly the protection of passwords and password authentication, > but aPAKE protocols also provide an hedge against PKI failures by > enabling mutual client-server authentication without relying on regular > server certificates. > > Hugo > > On Wed, Jul 18, 2018 at 1:18 PM, Richard Barnes <rlb@ipv.sx > <mailto:rlb@ipv.sx>> wrote: > > Hey TLS WG, > > In response to some of the list discussion since the last IETF, Owen > and I revised our TLS PAKE draft. In the current version, instead > of binding to a single PAKE (SPAKE2+), it defines a general > container that can carry messages for any PAKE that has the right > shape. And we think that "right shape" covers several current > PAKEs: SPAKE2+, Dragonfly, SRP, OPAQUE, ..... > > The chairs have graciously allotted us 5min on the agenda for > Thursday, where I'd like to ask for the WG to adopt the document. > So please speak up if you think this is an interesting problem for > the TLS WG to work on, and if you think the approach in this > document is a good starting point. Happy for comments here or at > the microphone on Thursday! > > Thanks, > > --Richard > > ---------- Forwarded message --------- > From: <internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>> > Date: Mon, Jul 16, 2018 at 3:25 PM > Subject: New Version Notification for draft-barnes-tls-pake-04.txt > To: Richard Barnes <rlb@ipv.sx <mailto:rlb@ipv.sx>>, Owen Friel > <ofriel@cisco.com <mailto:ofriel@cisco.com>> > > > > > A new version of I-D, draft-barnes-tls-pake-04.txt > has been successfully submitted by Richard Barnes and posted to the > IETF repository. > > Name: draft-barnes-tls-pake > Revision: 04 > Title: Usage of PAKE with TLS 1.3 > Document date: 2018-07-16 > Group: Individual Submission > Pages: 11 > URL: https://www.ietf.org/internet-drafts/draft-barnes-tls-pake-04.txt > Status: https://datatracker.ietf.org/doc/draft-barnes-tls-pake/ > Htmlized: https://tools.ietf.org/html/draft-barnes-tls-pake-04 > Htmlized: https://datatracker.ietf.org/doc/html/draft-barnes-tls-pake > Diff: https://www.ietf.org/rfcdiff?url2=draft-barnes-tls-pake-04 > > Abstract: > The pre-shared key mechanism available in TLS 1.3 is not > suitable for > usage with low-entropy keys, such as passwords entered by users. > This document describes an extension that enables the use of > password-authenticated key exchange protocols with TLS 1.3. > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org > <http://tools.ietf.org>. > > The IETF Secretariat > > > _______________________________________________ > TLS mailing list > TLS@ietf.org <mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Fwd: New Version Notification for draft-bar… Richard Barnes
- Re: [TLS] Fwd: New Version Notification for draft… Hugo Krawczyk
- Re: [TLS] Fwd: New Version Notification for draft… Tim Hollebeek
- Re: [TLS] Fwd: New Version Notification for draft… Yaron Sheffer