Re: [TLS] Augmented PAKE (Re: New Version Notification for draft-shin-tls-augpake-01.txt)

Fabrice Gautier <fabrice.gautier@gmail.com> Thu, 07 November 2013 16:20 UTC


Hi,

How does the client know which group to use?

As the client would need to know the group before sending the
ClientHello, it seems that the client needs to remember the group
parameters along with the password, which seems impractical.


-- Fabrice


On Wed, Nov 6, 2013 at 11:25 AM, SeongHan Shin <seonghan.shin@aist.go.jp> wrote:
> Dear all,
>
> For anyone who is interested in PAKE, please see the I-D below regarding
> augmented PAKE.
>
> IMO, two reasons that SRP was published as RFC 2945 and included in IEEE
> 1363.2 and ISO/IEC 11770-4 are 1) SRP is an augmented PAKE and 2) the
> server's computation cost of SRP is a minimum.
> (Though SRP has no provable security)
>
> The AugPAKE in the below I-D is provably secure and more efficient than
> other augmented PAKEs (including SRP and AMP).
>
> Of course, augmented PAKE provides an additional security property over
> (balanced) PAKE.
>
> Best regards,
> Shin
>
>
> On Wed, Sep 4, 2013 at 6:39 PM, SeongHan Shin <seonghan.shin@aist.go.jp>
> wrote:
>>
>> Dear all,
>>
>> I submitted a new version of our I-D regarding augmented PAKE (AugPAKE)
>> and its integration into TLS.
>> I added some features of AugPAKE in Appendix.
>> Any comments are welcome!
>>
>> Best regards,
>> Shin
>>
>> ---------- Forwarded message ----------
>> From: <internet-drafts@ietf.org>
>> Date: Wed, Sep 4, 2013 at 6:26 PM
>> Subject: New Version Notification for draft-shin-tls-augpake-01.txt
>> To: Kazukuni Kobara <kobara_conf-ml@aist.go.jp>, SeongHan Shin
>> <seonghan.shin@aist.go.jp>
>>
>>
>>
>> A new version of I-D, draft-shin-tls-augpake-01.txt
>> has been successfully submitted by SeongHan Shin and posted to the
>> IETF repository.
>>
>> Filename:        draft-shin-tls-augpake
>> Revision:        01
>> Title:           Augmented Password-Authenticated Key Exchange for
>> Transport Layer Security (TLS)
>> Creation date:   2013-09-04
>> Group:           Individual Submission
>> Number of pages: 19
>> URL:
>> http://www.ietf.org/internet-drafts/draft-shin-tls-augpake-01.txt
>> Status:          http://datatracker.ietf.org/doc/draft-shin-tls-augpake
>> Htmlized:        http://tools.ietf.org/html/draft-shin-tls-augpake-01
>> Diff:
>> http://www.ietf.org/rfcdiff?url2=draft-shin-tls-augpake-01
>>
>> Abstract:
>>    This document describes an efficient augmented password-authenticated
>>    key exchange (AugPAKE) protocol where a user remembers a low-entropy
>>    password and its verifier is registered in the intended server.  In
>>    general, the user password is chosen from a small set of dictionary
>>    whose space is within the off-line dictionary attacks.  The AugPAKE
>>    protocol described here is secure against passive attacks, active
>>    attacks and off-line dictionary attacks (on the obtained messages
>>    with passive/active attacks), and also provides resistance to server
>>    compromise (in the context of augmented PAKE security).  Based on the
>>    AugPAKE protocol, this document also specifies a new password-only
>>    authentication handshake for Transport Layer Security (TLS) protocol.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>>
>>
>>
>> --
>> ------------------------------------------------------------------
>> SeongHan Shin
>> Research Institute for Secure Systems (RISEC),
>> National Institute of Advanced Industrial Science and Technology (AIST),
>> Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
>> Tel : +81-29-861-2670/5284
>> Fax : +81-29-861-5285
>> E-mail : seonghan.shin@aist.go.jp
>> ------------------------------------------------------------------