[TLS] Comment on draft-bmw-tls-pake13
"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Fri, 14 March 2025 08:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/c7HrXuXjQPYk9-KXxiX6V6h6q8k>
I went through the PAKE draft on TLS 1.3, and while I certainly appreciate the use of a PAKE within TLS, I would like to highlight one potential security issue that the working group needs to be aware of. The draft has SPAKE2+ as its sole defined parameter set; SPAKE2+ has a rather interesting property that if the attacker can perform a single discrete log problem, in particular, compute the discrete log of N to the base of M, that is, find k such that kM = N, then the PAKE properties go away. That is, an active attacker can perform a single exchange, and then efficiently run through his dictionary of potential passwords and (as long as the correct password is in the dictionary) recover the password. Let me repeat this: if someone can solve a single discrete log problem (for example, if he has a slow Cryptographically Relevant Quantum Computer), then the attacker can immediately attack any SPAKE2+ implementation using that parameter set, anywhere in the world. If the working group endorses SPAKE2+, then they need to be aware of this, and should highlight it in the security considerations.