[TLS] Fwd: New Version Notification for draft-barnes-tls-pake-00.txt

Richard Barnes <rlb@ipv.sx> Wed, 11 April 2018 14:54 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DDFD1241F3 for <tls@ietfa.amsl.com>; Wed, 11 Apr 2018 07:54:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xqw4NaZ_sbXs for <tls@ietfa.amsl.com>; Wed, 11 Apr 2018 07:54:01 -0700 (PDT)
Received: from mail-ot0-x22b.google.com (mail-ot0-x22b.google.com [IPv6:2607:f8b0:4003:c0f::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DADC1200F1 for <tls@ietf.org>; Wed, 11 Apr 2018 07:54:01 -0700 (PDT)
Received: by mail-ot0-x22b.google.com with SMTP id f47-v6so2305269oth.2 for <tls@ietf.org>; Wed, 11 Apr 2018 07:54:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OA1ArCq1KepikQfZ6CE737jY7eg2N4MOg/bksYtjC3U=; b=AOWD0nE7Zo4ZhQDFk3GH7wvL8JGpu8u0jLLkggZ+jIjfrf4SP9FGufP0VM5fgJYiWt M2+y27mrl3uq0oIGNnwY+q0WYpkmmn3329dUOl6g5nzF3fjIfb8GE7Xs2uvrw6kxAmxE WdcdbP0vPLMFTUCULx1lrEEdVnNvSWeYFc2ctjmQo7U9o8+mCrawJla/pco7mAwzOYYJ HBATY9tb0hVpO4fDHTEd8/vOggIwIlr2Us4UAfsRDZ6tjwKXh+MZv/N0wGXAW9XB3+Lb h1QpgOTHOG8xvy8iK5Ub//3J/rwGg23DtzUz/QeMHHgxeHxmnmUsoyN4/wSYO0IItbf3 FRlA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OA1ArCq1KepikQfZ6CE737jY7eg2N4MOg/bksYtjC3U=; b=NkroI7n5BJjn2yNRhXQBWIwBY6wwbx8VmS88bsVXvbY2zoG8yALsZEPJR6A27tvRLQ Y4JhsUUkifvl7Afof1e2EgFaS8llNByBPZc2ZbJKGeLXZx6cZlJbeW1Y5BM8xMTv7l6g W0Jotbzix6ACPzPjmQGXFm5d62iLlRLtNuc+ma9CBGePG3kduEwMcZjch5wQ4LHFssTe ar1WKHbb6fuUwv4/aOyNWs9V5v9+sstUxYJ03/KaaUJ2AVek+D01nTrBVAZMje4oQ6jR r5pvCkK5pNIk+rWYriL9GMyxJGjOxRYrl2ZcJkTtrE9cw4+fjiAGnGxdaHC6qsuMiYj3 66vQ==
X-Gm-Message-State: ALQs6tDTzRiiSiyZsJU5TfgADIMMKTuF+Z+Fm6C8Yjx96ou3ZdMewpqK m04MDDFhFmHC45FotxfsmfwmhZVm2BcOpc251tSeD8iB
X-Google-Smtp-Source: AIpwx4/3dfnsFu5x0AeWuVZx422Cxy2FPeXmdnNO75+gk6r9zMDDdCtJEB2H490+0fKO6iPOfX7byWcklB8RREnkm00=
X-Received: by 2002:a9d:7308:: with SMTP id e8-v6mr2382901otk.271.1523458440609; Wed, 11 Apr 2018 07:54:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.201.90.67 with HTTP; Wed, 11 Apr 2018 07:54:00 -0700 (PDT)
In-Reply-To: <152345795593.1972.17855870949078823595.idtracker@ietfa.amsl.com>
References: <152345795593.1972.17855870949078823595.idtracker@ietfa.amsl.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 11 Apr 2018 10:54:00 -0400
Message-ID: <CAL02cgSOA-asdvyFNLLpcN59qeVjwQU9F2f=mgM9Y_B0Xv4rmg@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002ee2e9056993cfff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NpjSa2bCKtLDQeTWDLIvW9GANNk>
Subject: [TLS] Fwd: New Version Notification for draft-barnes-tls-pake-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2018 14:54:04 -0000

Hey TLS folks,

As I mentioned in my brief presentation at IETF 101, Owen and I have been
thinking about how to bring PAKE back to TLS 1.3 (since earlier SRP
mechanisms don't really apply).

We've just published an I-D describing a proposed mechanism, and I've
implemented this mechanism in the `mint` TLS 1.3 stack:

https://github.com/bifurcation/mint/pull/193

We would love to hear any feedback on the approach proposed here, and on
whether other people here would be interested in working on a PAKE
mechanism for TLS in this working group.

To address the obvious "Which PAKE?" question: We did a brief survey of the
PAKE literature, and SPAKE2 seemed like a good candidate here for a few
reasons:

- It allows a message pattern that aligns well with the TLS 1.3 handshake
- In particular, the key confirmation messages map pretty closely to the
TLS Finished MAC
- It doesn't require much in the way of exotic operations (just EC point
addition)
- It's gotten pretty robust review from CFRG

Thanks,
--Richard


---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Wed, Apr 11, 2018 at 10:45 AM
Subject: New Version Notification for draft-barnes-tls-pake-00.txt
To: Richard Barnes <rlb@ipv.sx>, Owen Friel <ofriel@cisco.com>



A new version of I-D, draft-barnes-tls-pake-00.txt
has been successfully submitted by Richard Barnes and posted to the
IETF repository.

Name:           draft-barnes-tls-pake
Revision:       00
Title:          Usage of SPAKE with TLS 1.3
Document date:  2018-04-11
Group:          Individual Submission
Pages:          7
URL:            https://www.ietf.org/internet-drafts/draft-barnes-tls-pake-0
0.txt
Status:         https://datatracker.ietf.org/doc/draft-barnes-tls-pake/
Htmlized:       https://tools.ietf.org/html/draft-barnes-tls-pake-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-barnes-tls-pake


Abstract:
   The pre-shared key mechanism available in TLS 1.3 is not suitable for
   usage with low-entropy keys, such as passwords entered by users.
   This document describes how the SPAKE password-authenticated key
   exchange can be used with TLS 1.3.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat