Re: [TLS] Fwd: New Version Notification for draft-barnes-tls-pake-04.txt

Hugo Krawczyk <hugo@ee.technion.ac.il> Wed, 18 July 2018 23:13 UTC


+1 for this work.

If you are one of those that think, as I did 20 years ago, that password
authentication is dying and practical replacements are just around the
corner, do not support this document. Otherwise, please do.

Asymmetric or augmented PAKE (aPAKE) protocols provide secure password
authentication in the common client-server case (where the server stores a
one-way mapping of the password) without relying on PKI - except during
user/password registration. Passwords remain secure regardless of which
middleboxes or endpoints spy into your decrypted TLS streams.  The server
never sees the password, not even during password registration.

To see real deployment of such protocols, they need to be integrated with
TLS, which is what Barnes's draft facilitates. Not only does this significantly
improve the protection of passwords and password authentication, but
aPAKE protocols also provide a hedge against PKI failures by enabling
mutual client-server authentication without relying on regular server
certificates.

Hugo


On Wed, Jul 18, 2018 at 1:18 PM, Richard Barnes <rlb@ipv.sx> wrote:

> Hey TLS WG,
>
> In response to some of the list discussion since the last IETF, Owen and I
> revised our TLS PAKE draft.  In the current version, instead of binding to
> a single PAKE (SPAKE2+), it defines a general container that can carry
> messages for any PAKE that has the right shape.  And we think that "right
> shape" covers several current PAKEs: SPAKE2+, Dragonfly, SRP, OPAQUE, ...
>
> The chairs have graciously allotted us 5min on the agenda for Thursday,
> where I'd like to ask for the WG to adopt the document.  So please speak up
> if you think this is an interesting problem for the TLS WG to work on, and
> if you think the approach in this document is a good starting point.  Happy
> for comments here or at the microphone on Thursday!
>
> Thanks,
> --Richard
>
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Mon, Jul 16, 2018 at 3:25 PM
> Subject: New Version Notification for draft-barnes-tls-pake-04.txt
> To: Richard Barnes <rlb@ipv.sx>, Owen Friel <ofriel@cisco.com>
>
>
>
> A new version of I-D, draft-barnes-tls-pake-04.txt
> has been successfully submitted by Richard Barnes and posted to the
> IETF repository.
>
> Name:           draft-barnes-tls-pake
> Revision:       04
> Title:          Usage of PAKE with TLS 1.3
> Document date:  2018-07-16
> Group:          Individual Submission
> Pages:          11
> URL:            https://www.ietf.org/internet-drafts/draft-barnes-tls-pake-04.txt
> Status:         https://datatracker.ietf.org/doc/draft-barnes-tls-pake/
> Htmlized:       https://tools.ietf.org/html/draft-barnes-tls-pake-04
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-barnes-tls-pake
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-barnes-tls-pake-04
>
> Abstract:
>    The pre-shared key mechanism available in TLS 1.3 is not suitable for
>    usage with low-entropy keys, such as passwords entered by users.
>    This document describes an extension that enables the use of
>    password-authenticated key exchange protocols with TLS 1.3.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat