[TLS] Symmetric PAKE for TLS
Schmidt, Jörn-Marc <Joern-Marc.Schmidt@secunet.com> Fri, 06 June 2014 09:25 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/l1ZQuRSdethtoaBhFc0B7zRfZVU

Dear all,

I'd like to come back to a topic that has raised intensive discussions in the past: Introducing a symmetric PAKE scheme for TLS that supports ECC. I believe such a protocol is very useful, e.g. for enrollment of certificates on constrained devices like IP phones.

My proposal is to use PACE [1] with a flexible mapping to support Weierstrass as well as Montgomery and Edwards curves. The rationale behind this suggestion is:

- It's patent-free [2]
- It comes with a security proof [3]
- It received a lot of attention as it is used in European travel documents

I think the mapping of a random number to an ECC point that is used by the protocol should be very flexible, so that it is possible to use e.g. simplified SWU [4] for Weierstrass or Elligator [5] for Montgomery and Edwards. If you hold the appropriate license, you can even use Icart's function [6].

Because of the intense previous discussion, I'd like to collect some opinions on the list before moving forward and writing a draft.

Any feedback and thoughts are welcome.

Best,
Jörn

[1] BSI TR-03110 Advanced Security Mechanisms for Machine Readable Travel Documents
[2] PACE has been used in travel documents for years without patent discussions - the only critical thing is the mapping.
[3] Security Analysis of the PACE Key-Agreement Protocol. Jens Bender, Marc Fischlin and Dennis Kügler
[4] Efficient Indifferentiable Hashing into Ordinary Elliptic Curves. Eric Brier et al.
[5] http://elligator.cr.yp.to/
[6] How to Hash into Elliptic Curves. Thomas Icart