[TLS] Comments on draft-friel-tls-eap-dpp-01

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Mon, 08 March 2021 15:09 UTC

From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: TLS List <tls@ietf.org>
Date: Mon, 08 Mar 2021 15:09:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/U0bggMC31f91ZgLnm9UsOpiYvhM>

Again, last minute reviews...

It would appear that the exact computations that both the client and the server need to perform need to be explicitly spelled out, as there are several possibilities.

Here is the one I could see that appears to have the security properties that you appear to be looking for:

Variable names:
                g - Well known group generator
                h - The secret generator that is private to the client and the server
                z - The secret value known to the client; g^z = h
                x - The client's ephemeral DH private value
                y - The server's ephemeral DH private value

Client keyshare:
                This is the value g^x

When the server receives this, he selects y (and retrieves the value h); he then transmits (as his keyshare) the value:
                h^y
and stirs the value (g^x)^y into his KDF.

When the client receives this (h^y), he computes:
                (h^y) ^ (x z^-1)
(where z^-1 is the modular inverse of z modulo the group order), and stirs that value into his KDF.

With this protocol, it appears that the client needs to know not only h, but also the value z. However, this really needs to be spelled out (and run past the CFRG to check for subtle issues).
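
The exchange described in the message above, written out for both sides as an added example (it is not part of the original post or of the draft). The group parameters are a constructed toy prime-order subgroup far too small for real use, and all function names are hypothetical; the point is that the client's computation needs z and its inverse modulo the group order, not just h.

```python
import secrets

# Constructed toy group (NOT a secure size): safe prime P = 2*Q + 1,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 1019, 509, 4


def rand_scalar():
    """Uniform nonzero exponent in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1


def provision():
    """Set-up: the client holds z, the server holds h = g^z."""
    z = rand_scalar()
    return z, pow(G, z, P)


def client_keyshare():
    """Client picks ephemeral x and sends g^x."""
    x = rand_scalar()
    return x, pow(G, x, P)


def server_respond(h, client_share):
    """Server picks ephemeral y, sends h^y, keeps (g^x)^y for its KDF."""
    y = rand_scalar()
    keyshare = pow(h, y, P)
    kdf_input = pow(client_share, y, P)
    return keyshare, kdf_input


def client_finish(x, z, server_share):
    """Client computes (h^y)^(x * z^-1), which equals g^(xy)."""
    # The inverse is taken modulo the group ORDER Q, not the field prime P.
    z_inv = pow(z, -1, Q)
    return pow(server_share, (x * z_inv) % Q, P)


def run_exchange():
    """One full run; returns (client KDF input, server KDF input)."""
    z, h = provision()
    x, gx = client_keyshare()
    hy, server_secret = server_respond(h, gx)
    return client_finish(x, z, hy), server_secret


if __name__ == "__main__":
    c, s = run_exchange()
    print("client:", c, "server:", s, "match:", c == s)
```

A party that knows h but holds any other exponent in place of z ends up with g^(xy·z·z'^-1), which differs from the server's g^(xy).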