Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

Bodo Moeller <> Tue, 19 November 2013 11:38 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 751691ADEA3 for <>; Tue, 19 Nov 2013 03:38:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.454
X-Spam-Status: No, score=-1.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.525, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WmQGf6gCpz7e for <>; Tue, 19 Nov 2013 03:38:38 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 1A65D1AD8D8 for <>; Tue, 19 Nov 2013 03:38:38 -0800 (PST)
Received: from ( []) by (node=mrbap3) with ESMTP (Nemesis) id 0LaUDn-1VGZTt3ARL-00lotF; Tue, 19 Nov 2013 12:38:31 +0100
Received: by with SMTP id o6so2252016oag.32 for <>; Tue, 19 Nov 2013 03:38:29 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=4jr6GZmhEs68WRhJWGyphnj6+KfCEKr4NU0zBgnke/Q=; b=FTRmL2dRU7y1c2nAZ0FLutiLLXjiozBoZ5rpfvTNtkxldjasVJILS99GkaqmfwaetT PrPqMDZxaXWMDs4epDxl20rUa3x8XiF8Pu4rk/dkZWqTIUI2Dmq0Z9nG3vf1zmI2OXj1 I65tzJhgniD9s97v7lhRrEILc8LBNksby8TxrwGvqiI6J+P/lM5WpIyr8+6WZN3nqG0r P3VFFM0zm1sSyhWyY3K8Koy0bQlbqworO1q+T4VTYJ5d8v6DO+STbP7rNhkvj+qyMVlB RPJEAsf3GCfnrttOjWRnrYCXigHkD5Ae53GZNC/sO6bYWQfX8iWBqSlaB/XMYqa/4eMY TP8g==
MIME-Version: 1.0
X-Received: by with SMTP id yc4mr329131obc.67.1384861109506; Tue, 19 Nov 2013 03:38:29 -0800 (PST)
Received: by with HTTP; Tue, 19 Nov 2013 03:38:29 -0800 (PST)
In-Reply-To: <>
References: <> <>
Date: Tue, 19 Nov 2013 12:38:29 +0100
Message-ID: <>
From: Bodo Moeller <>
To: "<>" <>
Content-Type: multipart/alternative; boundary=089e015384d67f26af04eb861a28
X-Provags-ID: V02:K0:XvEi0m2EQ1hI6o1WhCEfNmotIjm7qyq0n9v91HuRUQg Ee6ExVEBtKeLzSSWyOxu3eRizkfijSWAiDzRQdEY/bTYRk9ShP aJdmtOcAt7o5FwznNA+g8LkXAaAL3+jKephi1P+cHdzctrX7vg aV7HFfhRYdjg2u6cvCjXKqcNFVXFl9bPCBiAf5AqwnoCQqxmqw OJV3cfy4qVjQ4Mvek104xVkhGYZOeDfEMLwFjkV2y+a6Xqwtpw 33kj2GMPR2e6GyEY0d9PM/MXTfaQu6sp8JyD6Pe700x307oR30 aHo5LjcOkwux3eBtqNb1riZIiVZSLqPTGYRgido3f5JYeRHk4r 5oTlxdCX/Zb/rknyzCYQAAI0PLGgvGYZP+Np9sq7Lje/fOTu2U bJbw5FFxtPa4fHA2YnEqEVMP6Z2pG7BD77mKkK7lOcEKlX0mnE 3dQdb
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Nov 2013 11:38:39 -0000

2013/11/8 Douglas Stebila <>

> I believe that where possible the IETF should aim to standardize
> cryptographic protocols that have provable security results.  Such proofs
> of course don't guarantee the protocol is secure in all scenarios, but at
> least rule out some classes of attacks.  In the field of password
> authenticated key exchange, there are many provably secure protocols, and
> so it would be preferable to see one such protocol adopted.

Right.  So there's already an RFC for using SRP in TLS, but it's
Informational.  Many other such protocols can be found in the research
literature (and, sometimes, in Internet-Drafts).  If we're picking a
password-based key exchange for Standards Track, why this one?  What are
the advantages of this specific protocol over the others?

>From a brief look, one drawback of draft-ietf-tls-pwd-01 besides lack of
formal security arguments appears to be that it's presumably less efficient
than some other such protocols ("hunt-and-peck" loop).