Re: [TLS] Augmented PAKE (Re: New Version Notification for draft-shin-tls-augpake-01.txt)
Fabrice Gautier <fabrice.gautier@gmail.com> Thu, 07 November 2013 16:20 UTC
From: Fabrice Gautier <fabrice.gautier@gmail.com>
Date: Thu, 07 Nov 2013 08:20:06 -0800
To: SeongHan Shin <seonghan.shin@aist.go.jp>
Cc: 古原和邦 <k-kobara@aist.go.jp>, "<tls@ietf.org>" <tls@ietf.org>

Hi,

How does the client know which group to use?

As the client would need to know the group before sending the ClientHello, it seems that the client needs to remember the group parameters along with the password, which seems impractical.

-- Fabrice

On Wed, Nov 6, 2013 at 11:25 AM, SeongHan Shin <seonghan.shin@aist.go.jp> wrote:
> Dear all,
>
> For anyone who is interested in PAKE, pls see the below I-D regarding
> augmented PAKE.
>
> IMO, two reasons that SRP was published as RFC 2945 and included in IEEE
> 1363.2 and ISO/IEC 11770-4 are 1) SRP is an augmented PAKE and 2) the
> server's computation cost of SRP is a minimum.
> (Though SRP has no provable security)
>
> The AugPAKE in the below I-D is provably secure and more efficient than
> other augmented PAKEs (including SRP and AMP).
>
> Of course, augmented PAKE provides additional security property over
> (balanced) PAKE.
>
> Best regards,
> Shin
>
>
> On Wed, Sep 4, 2013 at 6:39 PM, SeongHan Shin <seonghan.shin@aist.go.jp>
> wrote:
>>
>> Dear all,
>>
>> I submitted a new version of our I-D regarding augmented PAKE (AugPAKE)
>> and its integration into TLS.
>> I added some features of AugPAKE in Appendix.
>> Any comments are welcome!
>>
>> Best regards,
>> Shin
>>
>> ---------- Forwarded message ----------
>> From: <internet-drafts@ietf.org>
>> Date: Wed, Sep 4, 2013 at 6:26 PM
>> Subject: New Version Notification for draft-shin-tls-augpake-01.txt
>> To: Kazukuni Kobara <kobara_conf-ml@aist.go.jp>, SeongHan Shin
>> <seonghan.shin@aist.go.jp>
>>
>> A new version of I-D, draft-shin-tls-augpake-01.txt
>> has been successfully submitted by SeongHan Shin and posted to the
>> IETF repository.
>>
>> Filename:        draft-shin-tls-augpake
>> Revision:        01
>> Title:           Augmented Password-Authenticated Key Exchange for
>>                  Transport Layer Security (TLS)
>> Creation date:   2013-09-04
>> Group:           Individual Submission
>> Number of pages: 19
>> URL:             http://www.ietf.org/internet-drafts/draft-shin-tls-augpake-01.txt
>> Status:          http://datatracker.ietf.org/doc/draft-shin-tls-augpake
>> Htmlized:        http://tools.ietf.org/html/draft-shin-tls-augpake-01
>> Diff:            http://www.ietf.org/rfcdiff?url2=draft-shin-tls-augpake-01
>>
>> Abstract:
>> This document describes an efficient augmented password-authenticated
>> key exchange (AugPAKE) protocol where a user remembers a low-entropy
>> password and its verifier is registered in the intended server. In
>> general, the user password is chosen from a small set of dictionary
>> whose space is within the off-line dictionary attacks. The AugPAKE
>> protocol described here is secure against passive attacks, active
>> attacks and off-line dictionary attacks (on the obtained messages
>> with passive/active attacks), and also provides resistance to server
>> compromise (in the context of augmented PAKE security). Based on the
>> AugPAKE protocol, this document also specifies a new password-only
>> authentication handshake for Transport Layer Security (TLS) protocol.
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>> --
>> ------------------------------------------------------------------
>> SeongHan Shin
>> Research Institute for Secure Systems (RISEC),
>> National Institute of Advanced Industrial Science and Technology (AIST),
>> Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
>> Tel : +81-29-861-2670/5284
>> Fax : +81-29-861-5285
>> E-mail : seonghan.shin@aist.go.jp
>> ------------------------------------------------------------------
>
> --
> ------------------------------------------------------------------
> SeongHan Shin
> Research Institute for Secure Systems (RISEC),
> National Institute of Advanced Industrial Science and Technology (AIST),
> Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
> Tel : +81-29-861-2670/5284
> Fax : +81-29-861-5285
> E-mail : seonghan.shin@aist.go.jp
> ------------------------------------------------------------------
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls