[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt

Rob Sayre <sayrer@gmail.com> Mon, 17 March 2025 17:02 UTC

MIME-Version: 1.0
References: <05B28816-9AA9-4035-B451-8ACFFBE2D4DE@apple.com> <CAChr6Sy1Eew1J5z9at3qEwLRWn+7ZLm0f564LobNQGMD7ANQaA@mail.gmail.com> <CABcZeBOpk2cYAyie4=G5=c6V43HvGB70fKVf_e_bQqnt_4C9WQ@mail.gmail.com> <CAF8qwaAoYEZj_t56unUAqz+SaKw6CvMFJ2NmqNmE8skmjKKSpA@mail.gmail.com> <CAChr6Sw+9bZxjcaJMNbY8UZBbmv5ZDnyb7aGtCjXcrtxvfeoew@mail.gmail.com> <CABcZeBNFPLWcYDhv1axqSwTX_w_yatfbJyih8CUMhZfkK5484g@mail.gmail.com> <CAChr6Syji7TKs6GumtmpZ8_tKXb5UK10_b6HdR1PU8Oni0pTkw@mail.gmail.com> <CABcZeBOHSGBOj_4R0bVdCpaRTcVV6=uHOzvWcY9HFei7PbC1fw@mail.gmail.com>
In-Reply-To: <CABcZeBOHSGBOj_4R0bVdCpaRTcVV6=uHOzvWcY9HFei7PbC1fw@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 17 Mar 2025 10:02:13 -0700
Message-ID: <CAChr6SxFNN4wH=45HANWuFZVX8_2HfX14mS2WayVSe_ide2RWg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary="00000000000090b8d906308cc042"
Message-ID-Hash: 5SO3IUZMLZ6ULH7WK5XVBKVELK362PVT
CC: Laura Bauman <l_bauman=40apple.com@dmarc.ietf.org>, tls@ietf.org
Precedence: list
Subject: [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dHC4TcPGd9EGgvqrhJFd47O1GQE>

On Mon, Mar 17, 2025 at 9:38 AM Eric Rescorla <ekr@rtfm.com> wrote:

>
> As above, I don't see what this has to do with PAKEs at all. If you have a
> third
> party authentication system, whether sign in with Apple, Google, or some
> SSO
> provider, then you don't need to share any secret with the relying party.
>

In my mind, the idea is that you don't have to rely solely on WebPKI if you
have that information handy after registration. I am not sure what the
authors' intent is, but that is what I thought of. Maybe it's just so one
can register home devices that play a sound during setup, or take a picture
like a smart watch pairing.

At the time I was looking at this problem, there were some addresses on
these devices that couldn't be MITMed even with admin privileges. I asked
about the addresses for these features and I did get a response. It was
"why are you asking about this?" :) Then, I found IT security people fuming
about this issue online. So, I decided to let it be.

thanks,
Rob

[TLS] Feedback on draft-bmw-tls-pake13-01.txt Laura Bauman
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt David Benjamin
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Björn Haase
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Laura Bauman
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Rob Sayre
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Christopher Patton
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Christopher Patton
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Martin Thomson
[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt Eric Rescorla