[TLS] Comments on TLS-ECJ-PAKE draft

Robert Cragie <robert.cragie@gridmerge.com> Thu, 16 June 2016 09:51 UTC

From: Robert Cragie <robert.cragie@gridmerge.com>
Date: Thu, 16 Jun 2016 10:51:14 +0100
Message-ID: <CADrU+d+V3MNuUPp-FmJopS=SRn5Zp673758i5Y+Sg4qP+gUaMA@mail.gmail.com>
To: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ddPUb_j9VwnUZcsYfFbKkLkeAUE>
Subject: [TLS] Comments on TLS-ECJ-PAKE draft
Reply-To: robert.cragie@gridmerge.com

I would like to ask the working group for comments on the TLS-ECJ-PAKE
draft:

https://tools.ietf.org/html/draft-cragie-tls-ecjpake-00

Some brief notes:

* The intended status is informational.
* The draft is based on TLS/DTLS 1.2, as the Thread group required a basis on
existing RFCs wherever possible. For that reason, and due to the WG's focus
on TLS 1.3, I have understood from the chairs that it would not have
received a great deal of attention from the WG, hence the intended status
of informational.
* The draft reflects the current use of the TLS_ECJPAKE_WITH_AES_128_CCM_8
cipher suite in Thread (http://threadgroup.org/).
* There is an experimental implementation in mbed TLS
(https://github.com/ARMmbed/mbedtls).
* The Thread group would like to get IANA assignments for 4 cipher suite
values and one ExtensionType value as soon as possible.
* There are at least four independent implementations, which have been used
in interop. testing over the last 18 months.
* The security considerations recommend restricting the use of this
cipher suite to Thread and similar applications, and recommend that it should
not be used with web browsers and servers (mainly due to the long
discussions regarding the use of PAKEs on this and other mailing lists).

Robert