[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt
Rob Sayre <sayrer@gmail.com> Mon, 24 March 2025 01:28 UTC
Return-Path: <sayrer@gmail.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B2E2511567AE for <tls@mail2.ietf.org>; Sun, 23 Mar 2025 18:28:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id izJL6PiAFyKX for <tls@mail2.ietf.org>; Sun, 23 Mar 2025 18:28:50 -0700 (PDT)
Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id BE5D211567A7 for <tls@ietf.org>; Sun, 23 Mar 2025 18:28:50 -0700 (PDT)
Received: by mail-pj1-x102c.google.com with SMTP id 98e67ed59e1d1-2ff799d99dcso6329653a91.1 for <tls@ietf.org>; Sun, 23 Mar 2025 18:28:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742779730; x=1743384530; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Bor+zP0xJrKGKRR9kDw81v0joC8cILVxL/0Z4wjnVO8=; b=ecFguHGQ+UwMbPUd6A6Vpcmc0m0P7w2zsBp28Xa60wnuFq+CsqzWyZ0rkRwGqABtP8 asQPLeAQwqH2mPm57v/rIa69oMNePdHxERHFxPCkx5H05uBi9wgCQglwuu+8jpYegFd/ GwTfJOSaLllGGiPItLx+xxVB4vr3IyNrpe2HGEfkBNvLITwtPU+c2E+GVdeo76gyyqN2 4qvi/Ax+TdJEn5b0LueW2ISO77kPH0n1f2G76dTvvWXiaYDzYdJDD2hmQ+yxtsvHpEyJ aH8uKaY/G6au5xAheGLRRqeOR5zT3lF77uFu9AmQLuZdVYEgywwyAqKtxMToqATkDykP 3LjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742779730; x=1743384530; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Bor+zP0xJrKGKRR9kDw81v0joC8cILVxL/0Z4wjnVO8=; b=EmZy5X1V2njv6wS7cmv6o3HzTtbxLTG+NZdoWYVvfH90NKxUFO3wGL5KLFTFd1GOyI 6G+otRVrSHk4+cGRDVTGK9FxhxOKmFmauawBs2orDDS0CDRgiUxrfk9YsStLnzreet4G ueXt6dmx/FlssDuHNasjGZeeYAdZMsuRUU1p1fitSHg2ij6WPsKf3iYaAtkxWeEm/Bjn XYJgRcWW+YKM+Ab9Kf62PCynLbZrC4/lwQCrj4bDvrXWbd5WiMryGMR+NGjFVL8uR9jU 4Xa5bJ1MagTAvlsgZx1YuDFnSg3SsvATrJt0Kkoff6G2hoKgLGTdXW2OmsjmPgDoxJTn UN7Q==
X-Forwarded-Encrypted: i=1; AJvYcCUNH5RyqgIELl3SEsAk5zwSgayp0SBrJjVA4ETBjFAaxYO+0NMc5SgAzx2eUDfPMxOBcjY=@ietf.org
X-Gm-Message-State: AOJu0Yxu0j2xZgOhTVklnPk4L4GwLCwpLkT++kDaGvgCj/B+O/UVq6ag 6PO7x/VnzdjRK9XrY3QtQewEP56r6jXll1scDjx+1tQTyvDciiYsYxY0IXDiPv89MypVG+I3CeW jdxwllkbjt79z+yVFQNg31jUZ6A4=
X-Gm-Gg: ASbGncsiyAc8h9KHdOxHUcX4PisTNZM/2hjP/H8RDXAnaE/MRhUgtjfh/LSTW7h4YQ7 TCZbNIgUzNcgZ+cC7HkVseqNdrQzKILmYWRfg1N7IyfZqBhqUgj+GwqYAFZ3zpzroQ5Tyc5idvL /5uwfbdsbR4jAV0e8J8vY8zKxE6ac=
X-Google-Smtp-Source: AGHT+IFHDyRIeveMOQjGQDHyupJds039ERxMFcwtJ03DviZGKO4D1I3wwj7yUbdkuUS1hJNny+1rTkrmrZuUKsTCP3o=
X-Received: by 2002:a17:90b:2551:b0:2ee:d193:f3d5 with SMTP id 98e67ed59e1d1-3030fe595c0mr20072218a91.7.1742779729524; Sun, 23 Mar 2025 18:28:49 -0700 (PDT)
MIME-Version: 1.0
References: <05B28816-9AA9-4035-B451-8ACFFBE2D4DE@apple.com> <CAChr6Sy1Eew1J5z9at3qEwLRWn+7ZLm0f564LobNQGMD7ANQaA@mail.gmail.com> <CABcZeBOpk2cYAyie4=G5=c6V43HvGB70fKVf_e_bQqnt_4C9WQ@mail.gmail.com> <CAF8qwaAoYEZj_t56unUAqz+SaKw6CvMFJ2NmqNmE8skmjKKSpA@mail.gmail.com> <CAChr6Sw+9bZxjcaJMNbY8UZBbmv5ZDnyb7aGtCjXcrtxvfeoew@mail.gmail.com> <CABcZeBNFPLWcYDhv1axqSwTX_w_yatfbJyih8CUMhZfkK5484g@mail.gmail.com> <CAChr6Syji7TKs6GumtmpZ8_tKXb5UK10_b6HdR1PU8Oni0pTkw@mail.gmail.com> <CABcZeBOHSGBOj_4R0bVdCpaRTcVV6=uHOzvWcY9HFei7PbC1fw@mail.gmail.com> <CAChr6SxFNN4wH=45HANWuFZVX8_2HfX14mS2WayVSe_ide2RWg@mail.gmail.com> <CAChr6Szz2HS71x2DnekY3Os4LaNEJs704rgSjRhVL9z_VF43jg@mail.gmail.com> <576FC1C2-BC06-4ABC-A98E-6AB363AB31A1@apple.com>
In-Reply-To: <576FC1C2-BC06-4ABC-A98E-6AB363AB31A1@apple.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Sun, 23 Mar 2025 18:28:38 -0700
X-Gm-Features: AQ5f1Jq3He6oDH9mlCpGyHa0m0zoMujeJWsfdlMaZtzjQe9-NxO8hKk4PgZNUgI
Message-ID: <CAChr6SxhE-Y4ywd9_Uf6ECRhWVK5WZ4HtKaNrdBRH1ihxL5auQ@mail.gmail.com>
To: Laura Bauman <l_bauman@apple.com>
Content-Type: multipart/alternative; boundary="000000000000b3445b06310c8625"
Message-ID-Hash: MUG5NH46NP7S6R6LHEW3NVCMLVBDNM7A
X-Message-ID-Hash: MUG5NH46NP7S6R6LHEW3NVCMLVBDNM7A
X-MailFrom: sayrer@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IVnIPKdtINLqGDcb20TbdVFNkDg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Hi, I watched the meeting on YouTube. It seems like it went pretty well. SSL/TLS has improved over the years. We don't advise use of SSL3 or TLS 1.0 anymore. PAKEs are the same. They get better. The comments along the lines of "have the chairs checked" or "run up against the PAKE wall" or "we've tried this before" are indirect. The problem with these PAKE ideas is that they work. What everyone fears will happen is that the draft will go all the way through the process, only to be met by an IPR disclosure. It will be something like "Northcom Telstar Logistics Business Company". That is just the government using a chilling effect. Maybe it is different this time around, but I am not optimistic. thanks, Rob On Mon, Mar 17, 2025 at 7:23 PM Laura Bauman <l_bauman@apple.com> wrote: > > On Mar 18, 2025, at 1:44 AM, Rob Sayre <sayrer@gmail.com> wrote: > > On Mon, Mar 17, 2025 at 10:02 AM Rob Sayre <sayrer@gmail.com> wrote: > >> On Mon, Mar 17, 2025 at 9:38 AM Eric Rescorla <ekr@rtfm.com> wrote: >> >>> >>> As above, I don't see what this has to do with PAKEs at all. If you have >>> a third >>> party authentication system, whether sign in with Apple, Google, or some >>> SSO >>> provider, then you don't need to share any secret with the relying party. >>> >> >> In my mind, the idea is that you don't have to rely solely on WebPKI if >> you have that information handy after registration. >> > > The other PAKE draft on the agenda explains this motivation better in its > introduction, although the mechanism is different: > > > https://www.ietf.org/archive/id/draft-guo-pake-pha-tls-01.html#name-introduction > > In draft-bmw-tls-pake13-01, the words "such as" are doing a lot of work in > the abstract and introduction. I doubt they are aiming at passwords that a > user types, given all of their other efforts to ditch passwords, but idk. > > > Our usage of “password” in the abstract/introduction appears to be a bit > misleading. There is a disconnect between the term password (as in > P(assword)AKE) and what we view as the motivating use cases for this > mechanism, namely: > > 1. One time connections with no need for a long term authentication > credentials (e.g. screen casting, video conferencing equipment) > 2. An initial connection over which high entropy long term credentials > (e.g. external PSK, RPKs) can be exchanged (e.g. pairing, device setup) > > In these cases, the “password” is more likely to be a passcode/pin or > otherwise temporary low entropy secret. We are not aiming to provide a > solution or alternative for web login use cases or advocating for users to > need to enter passwords more places. >
- [TLS] Feedback on draft-bmw-tls-pake13-01.txt Laura Bauman
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt David Benjamin
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Björn Haase
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Laura Bauman
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Christopher Patton
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Christopher Patton
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Martin Thomson
- [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla