Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

Eric Rescorla <ekr@rtfm.com> Thu, 05 December 2013 14:48 UTC


On Thu, Dec 5, 2013 at 3:48 AM, Bodo Moeller <bmoeller@acm.org> wrote:
> Dan Harkins <dharkins@lounge.org>:
>
>> The exchange was reviewed by the CFRG with, as Joe noted, satisfactory
>> results.
>
>
> While it is true that Joe noted that, I think the point of the present
> discussion is that the protocol wasn't actually reviewed by the CFRG with
> satisfactory results.

Bodo,

The TLS WG isn't chartered to evaluate cryptographic mechanisms, so
where there is some question we generally rely on CFRG for an opinion
as we recently did with Salsa, ChaCha, etc. [1].  (I know you know
this, but to state for the mailing list)


With that in mind, TLS-PWD was the first time we did that and as Joe
stated, we did have a verbal report back from the chair of the CFRG
that they considered it satisfactory. However, based on the present
discussion it's clear that a number of people have concerns about
the security of the underlying mechanism. One of the purposes of
Last Call is to flush out exactly this kind of objection, so that's
good, though I wish we'd caught this earlier. We're still working
on the CFRG interface, so hopefully we'll get better at that part.

Anything we standardize in this area really does need to have a clean
report back from the CFRG. It seems clear that that's not the case
here.

-Ekr
[As chair]

[1] http://www.ietf.org/mail-archive/web/tls/current/msg10221.html