IETF Logo Mail Archive

[TLS] Re: Formal analysis of draft-ietf-tls-pake

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 03 December 2025 16:37 UTC

Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 80C3794A8DF7 for <tls@mail2.ietf.org>; Wed, 3 Dec 2025 08:37:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KH-24NgheQeC for <tls@mail2.ietf.org>; Wed, 3 Dec 2025 08:37:42 -0800 (PST)
Received: from mailout4.zih.tu-dresden.de (mailout4.zih.tu-dresden.de [141.30.67.75]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 285E294A8D17 for <tls@ietf.org>; Wed, 3 Dec 2025 08:37:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:References:To:Subject :From:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=07IvyipRi8U20IXKNcUHUC45U8St8a+IsbCs339SlCM=; b=nL7C0zhffR8jHg1ORDjDw311HY IyYv8mY/fFbN2cglS02dwEiut9Q+7evXRCnC+j58cN+7sznGAcMlX8aujqZJhx9xgiY6Fng1Pkkdb SH8jMfIPOD7tbFRcjYmrSPpgDaJn0xSePskFK5inGkv5f5fGX7b4ATLSpLgqrq0+H7K4Ux8rOIA5o 2gdoxkgIYz+WI5oLvHFZSK0RXduFFqhOVbZN/HuG1jQilhfGhM+1c+YJjnn5LuwSRnBfCDJSgeJTO ieMyn82+5qV9qELI3xwuxeswinp1e5JZPulaNAfDbleIstkntBwp0HdMgFQQUS1wqZoyVerf1ClPe dI1RiAJA==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout4.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1vQpql-001ADj-H1 for tls@ietf.org; Wed, 03 Dec 2025 17:37:08 +0100
Received: from [10.12.5.228] (141.76.13.149) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Wed, 3 Dec 2025 17:37:00 +0100
Message-ID: <01168e74-3c30-49c8-a432-096759ae37bc@tu-dresden.de>
Date: Wed, 03 Dec 2025 17:36:59 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
To: tls@ietf.org
References: <727371d5-4a06-489c-acfa-5392242a1b9b@tu-dresden.de>
Content-Language: en-US
In-Reply-To: <727371d5-4a06-489c-acfa-5392242a1b9b@tu-dresden.de>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms090802040900020106000105"
X-ClientProxiedBy: MSX-L414.msx.ad.zih.tu-dresden.de (172.26.34.134) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout4.zih.tu-dresden.de
Message-ID-Hash: N7ISN3I5E3SNMO4GBARKTMXWLI4VV3JQ
X-Message-ID-Hash: N7ISN3I5E3SNMO4GBARKTMXWLI4VV3JQ
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Formal analysis of draft-ietf-tls-pake
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SirvzNR7r6yt4Z7cPSxSru1dKSg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

[ Just in case the following email was missed. ]

To avoid redundant effort, it will be good to see the current state of 
formalization, and to know which areas to focus on.

For this draft, I plan to use ProVerif and reuse many of the functions 
from my formal analysis [1] for draft-fossati-tls-attestation, which 
substantiates the attacks mentioned in [2].

Are the design options presented in the meeting explained somewhere? 
Unless I am missing something, I don't see them in the draft/repo.

Side motivation: Paul Wouters (as individual) mentioned this draft in 
his on-mic comment in the SEAT WG meeting [3], and I am trying to 
understand what exactly that means from a formal analysis perspective.

-Usama

On 16.11.25 10:20, Muhammad Usama Sardar wrote:
> If I understood correctly in the meeting, the authors have some 
> ongoing formal analysis but I could not find anything in the repo [0]. 
> Could you please point me to the repo where the formal analysis is 
> being done?
>
> From the formal analysis perspective, is there something specific 
> other than the open issue mentioned in section 8.4 that you need help 
> with?
>
> -Usama
>
> [0] https://github.com/tlswg/tls-pake
[1] https://github.com/CCC-Attestation/formal-spec-id-crisis

[2] https://mailarchive.ietf.org/arch/msg/tls/Jx_yPoYWMIKaqXmPsytKZBDq23o/

[3] 
https://datatracker.ietf.org/doc/minutes-124-seat-202511041630/#discussion-2

v2.37.1 | Report a Bug | By Email | System Status