[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt
Laura Bauman <l_bauman@apple.com> Tue, 18 March 2025 02:23 UTC
From: Laura Bauman <l_bauman@apple.com>
Date: Tue, 18 Mar 2025 09:23:24 +0700
To: Rob Sayre <sayrer@gmail.com>
CC: tls@ietf.org
Subject: [TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt
Message-id: <576FC1C2-BC06-4ABC-A98E-6AB363AB31A1@apple.com>
In-reply-to: <CAChr6Szz2HS71x2DnekY3Os4LaNEJs704rgSjRhVL9z_VF43jg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/meIVhMlSFSf71wZ5MZsvW-_5PAU>
> On Mar 18, 2025, at 1:44 AM, Rob Sayre <sayrer@gmail.com> wrote:
>
> On Mon, Mar 17, 2025 at 10:02 AM Rob Sayre <sayrer@gmail.com> wrote:
>> On Mon, Mar 17, 2025 at 9:38 AM Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>> As above, I don't see what this has to do with PAKEs at all. If you have a third
>>> party authentication system, whether sign in with Apple, Google, or some SSO
>>> provider, then you don't need to share any secret with the relying party.
>>
>> In my mind, the idea is that you don't have to rely solely on WebPKI if you have that information handy after registration.
>
> The other PAKE draft on the agenda explains this motivation better in its introduction, although the mechanism is different:
>
> https://www.ietf.org/archive/id/draft-guo-pake-pha-tls-01.html#name-introduction
>
> In draft-bmw-tls-pake13-01, the words "such as" are doing a lot of work in the abstract and introduction. I doubt they are aiming at passwords that a user types, given all of their other efforts to ditch passwords, but idk.

Our usage of “password” in the abstract/introduction appears to be a bit misleading. There is a disconnect between the term password (as in P(assword)AKE) and what we view as the motivating use cases for this mechanism, namely:

1. One-time connections with no need for long-term authentication credentials (e.g. screen casting, video conferencing equipment)
2. An initial connection over which high-entropy long-term credentials (e.g. external PSK, RPKs) can be exchanged (e.g. pairing, device setup)

In these cases, the “password” is more likely to be a passcode/PIN or otherwise temporary low-entropy secret. We are not aiming to provide a solution or alternative for web login use cases, or advocating for users to need to enter passwords in more places.