[TLS] PWD LC for TLS's "Standard RFC"? (Re: TLS-PWD vs. TLS-SRP)
SeongHan Shin <seonghan.shin@aist.go.jp> Thu, 07 November 2013 22:02 UTC
Return-Path: <seonghan.shin@aist.go.jp>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C23E611E8142 for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 14:02:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.976
X-Spam-Level:
X-Spam-Status: No, score=-5.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id viVGZNpqOFKB for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 14:02:31 -0800 (PST)
Received: from na3sys010aog103.obsmtp.com (na3sys010aog103.obsmtp.com [74.125.245.74]) by ietfa.amsl.com (Postfix) with ESMTP id E545521E8144 for <tls@ietf.org>; Thu, 7 Nov 2013 14:02:27 -0800 (PST)
Received: from mail-lb0-f182.google.com ([209.85.217.182]) (using TLSv1) by na3sys010aob103.postini.com ([74.125.244.12]) with SMTP ID DSNKUnwN81TLbsjgZYZo37NjqJ+H/a+ZG3vT@postini.com; Thu, 07 Nov 2013 14:02:28 PST
Received: by mail-lb0-f182.google.com with SMTP id w6so965429lbh.13 for <tls@ietf.org>; Thu, 07 Nov 2013 14:02:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:date:message-id:subject:from:to:content-type; bh=1dlZSHSqGEFevg1eMlUsZotYj3ZvC0Ga0I3zBPLQ5F8=; b=FtjNhfKi6M0heJI88FdUUFrwgScWNOw8DIg7kmICS2EWX3G3u6fiIx6dnhDlQrPmRg Ocba83wVy2ZjybS7u7/A4dQTWf714P7RY8RTbSo/hJlMuhtD3TkuvBTIc7r5lKTZfbcl Yv1ms5wp+aE/fEJMRxbFAKTFKDHr7Um2d61R0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=1dlZSHSqGEFevg1eMlUsZotYj3ZvC0Ga0I3zBPLQ5F8=; b=AmFJp+gNOD3Z/KJi+VaKqhXGamc7pOrEBe4v44qjHm4tgKhi16wGyy7jngNWUYAEY0 IkAIjOLbM1pKhTHpIQhQJu4OHH+sUKtKZc1soUAJUkWNrNoleeagapkcrY9LuvmzFT/u Ibt/aTsmgDvNH52ruz9jxaaDy/+/BQZbdK9L/kDxRmXoN4/1wBkhGY93HyLkQrOICun6 XqoQavM8DL0RxoC9mxhvOMNwN8AiPcQznWbhsCG3ASsTew1iq0mUPS6EiJCgFklw/T/M gjApL7E798ygHKkYiUwn2hzhNZZtKAjt0HHwyRFHCU/ms44Mp9Oy8TVR+ncwFn6gAB6R Kz8A==
X-Gm-Message-State: ALoCoQlohc+s6pQwMseGPWagq1j53sMUvsg+VLSaLSmEWXJaXmwDNweyohbSQBKTuReA0BfeYMA/8XO9WRNtlJltkkV/MfvsaMgpGedZGyYVAMvyZ8SQx/OIsongBbhDe/srmatCnkDggWcmxll0bAmKBk6YQrEBMA==
X-Received: by 10.112.72.233 with SMTP id g9mr948251lbv.2.1383861745860; Thu, 07 Nov 2013 14:02:25 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.112.72.233 with SMTP id g9mr948241lbv.2.1383861745677; Thu, 07 Nov 2013 14:02:25 -0800 (PST)
Received: by 10.112.141.138 with HTTP; Thu, 7 Nov 2013 14:02:25 -0800 (PST)
Date: Fri, 08 Nov 2013 07:02:25 +0900
Message-ID: <CAEKgtqnQNarEsGO1XPeQOoQ1UK065-daa01d5PLyQD9d6SABeA@mail.gmail.com>
From: SeongHan Shin <seonghan.shin@aist.go.jp>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c23fbcc50d3a04ea9d6b06"
Subject: [TLS] PWD LC for TLS's "Standard RFC"? (Re: TLS-PWD vs. TLS-SRP)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 22:02:35 -0000
Dear all, This is just a summary of my emails regarding PWD. First, I have reviewed almost all IETF email discusstions and on-site discussions, related to PAKE, since 2008. Now, the TLS wg is about to issue a LC for tls-pwd. http://tools.ietf.org/html/draft-ietf-tls-pwd-01 Compared to SPEKE and AugPAKE, https://tools.ietf.org/html/draft-shin-tls-augpake-01 http://tools.ietf.org/html/draft-jablon-speke-02 http://en.wikipedia.org/wiki/SPEKE_%28cryptography%29 PWD is NOT a good choice. 1) PWD has no provable security. 2) PWD is not efficient. 3) PWD may not be patent-free because of SPEKE. Need more PAKEs better than PWD? See http://grouper.ieee.org/groups/1363/passwdPK/submissions.html and http://www.jablon.org/passwordlinks.html I know we all are security (or crypto) experts and which one is good/bad. Thank you and best regards, Shin On Thu, Nov 7, 2013 at 10:15 AM, SeongHan Shin <seonghan.shin@aist.go.jp>wrote: > Dear all, > > > Is there any advantages of tls-pwd over tls-srp? > > > Is there any advantages of tls-pwd over tls-augpake and SPEKE? > These are clarifying questions because TLS WG is going with PWD towards > "standard RFC" though PWD has no provable security and is less efficient > (compared to SPEKE and AugPAKE). > Are all tls wg members already clarified with advantages of using tls-pwd? > If so, just let me know. > > For patent issues between SPEKE and PWD, there was no conclusions in the > earlier IPsec meetings to my understanding. > > Best regards, > Shin > > > On Thu, Nov 7, 2013 at 7:44 AM, SeongHan Shin <seonghan.shin@aist.go.jp>wrote: > >> Hi Dan, >> >> I also was in the IPsec mailing list through all discussions of PAKE >> schemes. >> But, I don't remember any advantages of pwd over augpake and speke. >> Do you mean patent issue that pwd is patent-free and speke isn't? >> >> Regards, >> Shin >> >> On Thu, Nov 7, 2013 at 7:32 AM, Dan Harkins <dharkins@lounge.org> wrote: >> >>> >>> Hi Shin, >>> >>> On Wed, November 6, 2013 1:24 pm, SeongHan Shin wrote: >>> > Hi Dan, >>> > >>> > Here comes the next question: >>> > Is there any advantages of tls-pwd over tls-augpake and SPEKE? >>> > https://tools.ietf.org/html/draft-shin-tls-augpake-01 >>> > http://en.wikipedia.org/wiki/SPEKE_%28cryptography%29 >>> >>> Mrs. Harkins didn't raise a moron. I really do not want to >>> repeat the debacle that occurred on the IPsec mailing list >>> regarding PAKE schemes. >>> >>> If you would like to rehash all those exchanges I suggest >>> you go look at the archives. >>> >>> regards, >>> >>> Dan. >>> >>> >>> >>> >> >> >> -- >> ------------------------------------------------------------------ >> SeongHan Shin >> Research Institute for Secure Systems (RISEC), >> National Institute of Advanced Industrial Science and Technology (AIST), >> Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan >> Tel : +81-29-861-2670/5284 >> Fax : +81-29-861-5285 >> E-mail : seonghan.shin@aist.go.jp >> ------------------------------------------------------------------ >> > > > > -- > ------------------------------------------------------------------ > SeongHan Shin > Research Institute for Secure Systems (RISEC), > National Institute of Advanced Industrial Science and Technology (AIST), > Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan > Tel : +81-29-861-2670/5284 > Fax : +81-29-861-5285 > E-mail : seonghan.shin@aist.go.jp > ------------------------------------------------------------------ > -- ------------------------------------------------------------------ SeongHan Shin Research Institute for Secure Systems (RISEC), National Institute of Advanced Industrial Science and Technology (AIST), Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan Tel : +81-29-861-2670/5284 Fax : +81-29-861-5285 E-mail : seonghan.shin@aist.go.jp ------------------------------------------------------------------
- [TLS] PWD LC for TLS's "Standard RFC"? (Re: TLS-P… SeongHan Shin