Re: [TLS] draft-barnes-tls-pake

Björn Haase <bjoern.haase@endress.com> Wed, 04 September 2019 10:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LAy8R2uWW5L9rB1j6xekJl0ijQI>

Dear Rob,

you might know that currently there is an ongoing PAKE selection process in the context of the CFRG working group. SRP is no longer considered there.

In my opinion, SRP comes with several problems. Its patent circumvention approach did consider patents that today are expired. This patent circumvention 1.) made the protocol computationally very complex and 2.) prevented thorough security analysis/proofs. (See e.g. the discussion in https://eprint.iacr.org/2018/286 in section 2.1.)

Regarding the complexity: I did analyze SRP once for the computational constraints of the setting https://eprint.iacr.org/2017/562. There SRP would have resulted in about two minutes (120 s!) login delay for 1024 bit field size (80 bit symmetric security level) because of the complexity of the computations on the constrained embedded server.
With today’s alternatives (see, e.g. https://eprint.iacr.org/2018/286) using Montgomery or Edwards curves, you could realize 2-4 seconds for the 128 bit security level for the very same constrained setting.

So for security-proof reasons and for efficiency for embedded devices there is a need for alternative PAKE protocols. There draft-barnes-tls-pake describes one out of several possible approaches.

Yours,

Björn




From: TLS <tls-bounces@ietf.org> On Behalf Of Rob Sayre
Sent: Wednesday, 4 September 2019 01:05
To: tls@ietf.org
Subject: [TLS] draft-barnes-tls-pake

Hello,

I read https://tools.ietf.org/html/draft-barnes-tls-pake-04.

I understand and agree that the SRP scheme in RFC 5054 might not apply cleanly to TLS 1.3.

However, I don't understand the rationale for choosing other PAKE algorithms for this draft over SRP. I found that Apple iCloud and HomeKit use SRP, so it seemed strange to choose other algorithms in this draft, given the popularity of those products.

I'm not pushing an agenda here. I just want to understand. But, I found the rationale in the various draft-barnes-tls-pake drafts very unenlightening.

thanks,
Rob