Re: [TLS] bootstrapping of constrained devices

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Fri, 21 March 2014 17:55 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Feng Hao <feng.hao@newcastle.ac.uk>
Date: Fri, 21 Mar 2014 17:54:45 +0000
Message-ID: <3AD3276A-8CEB-448C-867F-2BF7962149DE@rhul.ac.uk>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KYx-8fJKucw4RlLvlwXbx14ifD8
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] bootstrapping of constrained devices
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

> On 21 Mar 2014, at 16:44, "Feng Hao" <feng.hao@newcastle.ac.uk> wrote:
> 
> Hi Kenny,
> 
>> As far as I am aware, there's no complete formal security analysis of J-PAKE.
>> There are claims in the original paper about the security conferred by the use
>> of ZK proofs, and some informal security analysis (stated as theorems and
>> proofs), but, as far as I know, there's no security proof using a recognised
>> PAKE security model.
> 
> I responded to a similar comment on the lightbluetouchpaper blog about 6 years ago:
> 

The comment from Jon Katz from 6 years ago is not really that similar to mine now, but I agree with him when he describes your security analysis as being hand waving.

> http://www.lightbluetouchpaper.org/2008/05/29/j-pake/ (See Comment 29)
> 
> My views are basically unchanged.

That's a shame. I'd have hoped you'd have learned how to use PAKE models and formal security proofs in the intervening period. 

> Meanwhile, in the past 6 years, I've been trying to search for answers to obvious questions: 1) what exact PAKE security model is the "right" model; 2) which exact PAKE protocol has been proved secure under that model and how is that protocol implemented and used in real life.

Very good. Models do evolve, and the first model is not always the "right" one. Still, the provision of some analysis in one of the several by now quite standard models would not be an unreasonable expectation if you are seriously promoting J-PAKE over the alternatives. 

> I must admit I haven't found my answers. 

Indeed. But that should not stop you (or anyone else, but it's really on you) from choosing one of the existing models and giving a proof for your protocol.

Cheers

Kenny

> Best regards,
> Feng
> 
>