Re: [TLS] Augmented PAKE (Re: New Version Notification for draft-shin-tls-augpake-01.txt)
SeongHan Shin <seonghan.shin@aist.go.jp> Thu, 07 November 2013 18:36 UTC
Date: Fri, 08 Nov 2013 03:36:04 +0900
Message-ID: <CAEKgtqnSgdouYAmSa5DbN1sME=65wi3PpM17b2+Bybsz8PzBow@mail.gmail.com>
From: SeongHan Shin <seonghan.shin@aist.go.jp>
To: Fabrice Gautier <fabrice.gautier@gmail.com>
Cc: 古原和邦 <k-kobara@aist.go.jp>, "<tls@ietf.org>" <tls@ietf.org>

Hi Fabrice,

Thank you for your comment!
Section 5.1 can be used in TLS 1.3 handshake (?) as in Eric's presentation :)

>How does the client know which group to use ?
As you pointed out, we need to change Section 5.1 for the current TLS version.
A naive approach is to add one round exchange after ServerHello.
Any other good ideas?

Regards,
Shin

On Fri, Nov 8, 2013 at 1:20 AM, Fabrice Gautier <fabrice.gautier@gmail.com> wrote:

> Hi,
>
> How does the client know which group to use ?
>
> As the client would need to know the group before sending the
> ClientHello, it seems that the client needs to remember the groups
> parameters along with the password, which seems impractical.
>
>
> -- Fabrice
>
>
> On Wed, Nov 6, 2013 at 11:25 AM, SeongHan Shin <seonghan.shin@aist.go.jp>
> wrote:
> > Dear all,
> >
> > For anyone who is interested in PAKE, pls see the below I-D regarding
> > augmented PAKE.
> >
> > IMO, two reasons that SRP was published as RFC 2945 and included in IEEE
> > 1363.2 and ISO/IEC 11770-4 are 1) SRP is an augmented PAKE and 2) the
> > server's computation cost of SRP is a minimum.
> > (Though SRP has no provable security)
> >
> > The AugPAKE in the below I-D is provably secure and more efficient than
> > other augmented PAKEs (including SRP and AMP).
> >
> > Of course, augmented PAKE provides additional security property over
> > (balanced) PAKE.
> >
> > Best regards,
> > Shin
> >
> >
> > On Wed, Sep 4, 2013 at 6:39 PM, SeongHan Shin <seonghan.shin@aist.go.jp>
> > wrote:
> >>
> >> Dear all,
> >>
> >> I submitted a new version of our I-D regarding augmented PAKE (AugPAKE)
> >> and its integration into TLS.
> >> I added some features of AugPAKE in Appendix.
> >> Any comments are welcome!
> >>
> >> Best regards,
> >> Shin
> >>
> >> ---------- Forwarded message ----------
> >> From: <internet-drafts@ietf.org>
> >> Date: Wed, Sep 4, 2013 at 6:26 PM
> >> Subject: New Version Notification for draft-shin-tls-augpake-01.txt
> >> To: Kazukuni Kobara <kobara_conf-ml@aist.go.jp>, SeongHan Shin
> >> <seonghan.shin@aist.go.jp>
> >>
> >>
> >>
> >> A new version of I-D, draft-shin-tls-augpake-01.txt
> >> has been successfully submitted by SeongHan Shin and posted to the
> >> IETF repository.
> >>
> >> Filename: draft-shin-tls-augpake
> >> Revision: 01
> >> Title: Augmented Password-Authenticated Key Exchange for
> >> Transport Layer Security (TLS)
> >> Creation date: 2013-09-04
> >> Group: Individual Submission
> >> Number of pages: 19
> >> URL:
> >> http://www.ietf.org/internet-drafts/draft-shin-tls-augpake-01.txt
> >> Status: http://datatracker.ietf.org/doc/draft-shin-tls-augpake
> >> Htmlized: http://tools.ietf.org/html/draft-shin-tls-augpake-01
> >> Diff:
> >> http://www.ietf.org/rfcdiff?url2=draft-shin-tls-augpake-01
> >>
> >> Abstract:
> >> This document describes an efficient augmented password-authenticated
> >> key exchange (AugPAKE) protocol where a user remembers a low-entropy
> >> password and its verifier is registered in the intended server. In
> >> general, the user password is chosen from a small set of dictionary
> >> whose space is within the off-line dictionary attacks. The AugPAKE
> >> protocol described here is secure against passive attacks, active
> >> attacks and off-line dictionary attacks (on the obtained messages
> >> with passive/active attacks), and also provides resistance to server
> >> compromise (in the context of augmented PAKE security). Based on the
> >> AugPAKE protocol, this document also specifies a new password-only
> >> authentication handshake for Transport Layer Security (TLS) protocol.
> >>
> >>
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of
> >> submission
> >> until the htmlized version and diff are available at tools.ietf.org.
> >>
> >> The IETF Secretariat
> >>
> >>
> >>
> >>
> >> --
> >> ------------------------------------------------------------------
> >> SeongHan Shin
> >> Research Institute for Secure Systems (RISEC),
> >> National Institute of Advanced Industrial Science and Technology (AIST),
> >> Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
> >> Tel : +81-29-861-2670/5284
> >> Fax : +81-29-861-5285
> >> E-mail : seonghan.shin@aist.go.jp
> >> ------------------------------------------------------------------
> >
> >
> >
> >
> > --
> > ------------------------------------------------------------------
> > SeongHan Shin
> > Research Institute for Secure Systems (RISEC),
> > National Institute of Advanced Industrial Science and Technology (AIST),
> > Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
> > Tel : +81-29-861-2670/5284
> > Fax : +81-29-861-5285
> > E-mail : seonghan.shin@aist.go.jp
> > ------------------------------------------------------------------
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> >
>

--
------------------------------------------------------------------
SeongHan Shin
Research Institute for Secure Systems (RISEC),
National Institute of Advanced Industrial Science and Technology (AIST),
Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
Tel : +81-29-861-2670/5284
Fax : +81-29-861-5285
E-mail : seonghan.shin@aist.go.jp
------------------------------------------------------------------