IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

SeongHan Shin <seonghan.shin@aist.go.jp> Tue, 12 November 2013 02:14 UTC

Return-Path: <seonghan.shin@aist.go.jp>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3D1421E8106 for <tls@ietfa.amsl.com>; Mon, 11 Nov 2013 18:14:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.409
X-Spam-Level:
X-Spam-Status: No, score=-5.409 tagged_above=-999 required=5 tests=[AWL=-0.484, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, SARE_OBFU_ALL=0.751]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6Icae4lXaCn for <tls@ietfa.amsl.com>; Mon, 11 Nov 2013 18:14:28 -0800 (PST)
Received: from na3sys010aog109.obsmtp.com (na3sys010aog109.obsmtp.com [74.125.245.86]) by ietfa.amsl.com (Postfix) with ESMTP id BABBF21E8105 for <tls@ietf.org>; Mon, 11 Nov 2013 18:14:27 -0800 (PST)
Received: from mail-lb0-f181.google.com ([209.85.217.181]) (using TLSv1) by na3sys010aob109.postini.com ([74.125.244.12]) with SMTP ID DSNKUoGPA/OVJS23JXq11GEa7JivEJTkUxYz@postini.com; Mon, 11 Nov 2013 18:14:27 PST
Received: by mail-lb0-f181.google.com with SMTP id x18so4022273lbi.40 for <tls@ietf.org>; Mon, 11 Nov 2013 18:14:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=4O3Nq/LvGiTjYiaLVsManmIdzOZGMsISp2wlSekiSVw=; b=iBUcGYbIRxDtMRoXMshEBMXi9EkrFM0vK/1MgJ7+/rHl+yX/Y6K5skgxyLpymKrhJ4 7zJgYC3AOiXGFtTVknpBB2KB6EW6EPKTSqv816pM37TBhjZ8RBO6EBwCvVN40auW2Ugd 2DYTiGgcxqxfM0IMrQuasH0s9paRW4NUp0VDQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=4O3Nq/LvGiTjYiaLVsManmIdzOZGMsISp2wlSekiSVw=; b=QG8l0/POM92xSBrONIBQNu4eyU5vJ68VVarjZ5REYNj25F9xgbKSmtWYlpTvVv5toP pBId8C9k22aA53T90gFOA7SRP5BT/1pSifCD3U1CHFzT5X6bVd4qjIL6FCbBjRyVKU7j sfKNLbUMbFR5+ejS7fpskYQ/V7/Dv7jFyiRQMvq3Jv4BpV+eo0PUuwiEERsD+dE/Nn4r LMmCq9BYaqywTPA8vMAkwt9aLuMyA1H4i7fdjK00L1YTbhUNinfBw3uHQdioogqo4fOi F1zc9mTpj9aiVyNw/CHuTUe0jXfY/VNCbR3z/sHtUlKes78/UsmaiZ8zqPk2dPngYTER z56w==
X-Gm-Message-State: ALoCoQkufZ7sqaXnb09vtDEiNqrIngTVX4l9PudKxMVsqM+SXbXf+O9X37uo9qimh3bxHf867IeIwQxQE0lC2J71K1mZOX+s2rgkXV+StVbU+04TgJHHUawDIxpEr1EjhLL3EQx83/L6+Vhv09RwsMmXN+lzkEFFmA==
X-Received: by 10.112.29.147 with SMTP id k19mr24658351lbh.9.1384222465730; Mon, 11 Nov 2013 18:14:25 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.112.29.147 with SMTP id k19mr24658333lbh.9.1384222465261; Mon, 11 Nov 2013 18:14:25 -0800 (PST)
Received: by 10.112.141.138 with HTTP; Mon, 11 Nov 2013 18:14:25 -0800 (PST)
In-Reply-To: <E4AD1150-692C-435F-924D-AF75DECE535D@kth.se>
References: <9CD5611C-2742-435D-8832-9F85448591BA@qut.edu.au> <CEA27C78.1375B%uri@ll.mit.edu> <CAEKgtqk6D+q6-4Jb0afu2O9qRq=mE5_T_5UNrst2_BLmqVTFJw@mail.gmail.com> <E4AD1150-692C-435F-924D-AF75DECE535D@kth.se>
Date: Tue, 12 Nov 2013 11:14:25 +0900
Message-ID: <CAEKgtqn0bsx0pNpdMY-Zh5otT_u8y7Ofeijfu-Qo+BMdW055+w@mail.gmail.com>
From: SeongHan Shin <seonghan.shin@aist.go.jp>
To: Love Hörnquist Åstrand <lha@kth.se>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a1133aa8655083504eaf1680d"
Cc: 古原和邦 <k-kobara@aist.go.jp>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2013 02:14:32 -0000

Hi Love,

Thank you for your comments!

>AugPAKE is not defined for ECC, the draft just say that is possible to
implement but not how. For example, is it safe for all kind of curves ?
The ECC part will be added to the next version of our I-D.

>AugPAKE have not test vectors in the draft. (very important because of the
next point).
>AugPAKE have no reference implementation that I’ve found.
We already implemented AugPAKE and the test vectors also will be added to
the next version of our I-D.
If you want to test interoperability, just let me know. :)

>I have not seen a review of AugPAKE by IRTF CFRG.
We already submitted the I-D to the CFRG. We hope to see reviews from the
CFRG soon.
http://tools.ietf.org/html/draft-irtf-cfrg-augpake-00
For security proof. please refer to the below IACR eprint archive.
https://eprint.iacr.org/2010/334.pdf

>AugPAKE is currently encumbered by IPR issues for all protocols.
What does it mean?
The patent of AugPAKE was granted in Feb. and April of 2013 from Japan and
U.S. respectively.
As in IPR Disclosures, AugPAKE can be used royal-free for any conforming
implementations.
https://datatracker.ietf.org/ipr/2037/

Best regards,
Shin


On Mon, Nov 11, 2013 at 7:52 PM, Love Hörnquist Åstrand <lha@kth.se> wrote:

> [resend now that i’m subscribed to the mailinglist]
>
> AugPAKE is not defined for ECC, the draft just say that is possible to
> implement but not how. For example, is it safe for all kind of curves ?
>
> AugPAKE have not test vectors in the draft. (very important because of the
> next point).
>
> AugPAKE have no reference implementation that I’ve found.
>
> I have not seen a review of AugPAKE by IRTF CFRG.
>
> AugPAKE is currently encumbered by IPR issues for all protocols.
>
> Love
>
>
> 8 nov 2013 kl. 18:03 skrev SeongHan Shin <seonghan.shin@aist.go.jp>:
>
> FYI,
> AugPAKE is provably secure and can be used royal-free.
> AugPAKE
> https://tools.ietf.org/html/draft-shin-tls-augpake-01
> IPR Disclosures
> https://datatracker.ietf.org/ipr/2037/
>
> Regards,
> Shin
>
>
>
> On Sat, Nov 9, 2013 at 1:35 AM, Blumenthal, Uri - 0558 - MITLL <
> uri@ll.mit.edu> wrote:
>
>> On 11/8/13 1:50 , "Douglas Stebila" <stebila@qut.edu.au> wrote:
>>
>> >I believe that where possible the IETF should aim to standardize
>> >cryptographic protocols that have provable security results.  Such proofs
>> >of course don't guarantee the protocol is secure in all scenarios, but at
>> >least rule out some classes of attacks.  In the field of password
>> >authenticated key exchange, there are many provably secure protocols, and
>> >so it would be preferable to see one such protocol adopted.
>>
>> I concur - except I believe that whenever possible the IETF should aim to
>> standardize cryptographic protocols that are unencumbered by license fees
>> and patents. If the choice arises between a protocol that carries both
>> (provable security and Intellectual Property) and a protocol that has
>> neither - I'd strongly prefer the latter.
>>
>>
>>
>> >On Nov 8, 2013, at 2:11 AM, Joseph Salowey (jsalowey)
>> ><jsalowey@cisco.com> wrote:
>> >
>> >> This is the beginning of the working group last call for
>> >>draft-ietf-tls-pwd-01.   The underlying cryptographic protocol for
>> >>TLS-PWD has been reviewed by the IRTF CFRG group with satisfactory
>> >>results.  The document needs particular attention paid to the
>> >>integration of this mechanism into the TLS protocol.   Please send
>> >>comments to the TLS list by December 2, 2013.
>> >>
>> >> - Joe
>> >> (For the TLS chairs)
>> >> _______________________________________________
>> >> TLS mailing list
>> >> TLS@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/tls
>> >
>> >_______________________________________________
>> >TLS mailing list
>> >TLS@ietf.org
>> >https://www.ietf.org/mailman/listinfo/tls
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>>
>
>
> --
> ------------------------------------------------------------------
> SeongHan Shin
> Research Institute for Secure Systems (RISEC),
> National Institute of Advanced Industrial Science and Technology (AIST),
> Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
> Tel : +81-29-861-2670/5284
> Fax : +81-29-861-5285
> E-mail : seonghan.shin@aist.go.jp
> ------------------------------------------------------------------
>  _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>


-- 
------------------------------------------------------------------
SeongHan Shin
Research Institute for Secure Systems (RISEC),
National Institute of Advanced Industrial Science and Technology (AIST),
Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
Tel : +81-29-861-2670/5284
Fax : +81-29-861-5285
E-mail : seonghan.shin@aist.go.jp
------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email