Re: [TLS] The PAKE question and PSK
SeongHan Shin <seonghan.shin@aist.go.jp> Wed, 09 April 2014 04:07 UTC
Date: Wed, 09 Apr 2014 13:07:15 +0900
From: SeongHan Shin <seonghan.shin@aist.go.jp>
To: Dan Harkins <dharkins@lounge.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xmgaseQgea-UaTM-GWwumWXrDCE
Cc: "tls@ietf.org" <tls@ietf.org>

Dear all,

>> Failing that, make AugPAKE work on ECC by grabbing the draft and fixing
>> it, then submit that instead.
>
> You should stop telling people to do things you are unwilling to do
> yourself.

In the next version, I would include an ECC version of AugPAKE.

Best regards,
Shin

On Thu, Apr 3, 2014 at 3:52 AM, Dan Harkins <dharkins@lounge.org> wrote:

>
> On Wed, April 2, 2014 11:15 am, Watson Ladd wrote:
> > On Apr 2, 2014 10:55 AM, "Dan Harkins" <dharkins@lounge.org> wrote:
> >>
> >>
> >> On Wed, April 2, 2014 10:26 am, Nico Williams wrote:
> >> > On Wed, Apr 2, 2014 at 12:18 PM, Dan Harkins <dharkins@lounge.org> wrote:
> >> >> EKE doesn't do RSA. And, as Nico pointed out, observing a single
> >> >> exchange can eliminate a large majority of the potential passwords.
> >> >> Even an infrequent use can give an adversary a high probability of
> >> >> successfully determining the secret.
> >> >
> >> > But if you use Elligator then that problem goes away. That's the key
> >> > point.
> >>
> >> Yes, as I mentioned back in December on this list, EKE with Elligator
> >> would make a very good alternative to TLS-pwd. And if there was a mature
> >> draft ready for publication that specified such a scheme it would be
> >> worth considering. But there isn't. And we're 2+ years away from having
> >> such a thing. Probably more since we have not identified a stuckee
> >> willing to edit it.
> >>
> >> As Cullen mentioned, the IETF is a volunteer organization and telling
> >> people that they should go write a draft specifying your alternative to
> >> their draft is not really productive.
> >>
> >> I have received and resolved comments on the draft dealing with
> >> protection of the username from passive observers and on mitigating
> >> side channel attacks. There is no technical problem with TLS-pwd and it
> >> solves real problems right now. I see no reason why it should not ease
> >> away from the curb (and out of its parked position).
> >
> > What about the complete absence of any positive security analysis? You've
> > known this was going to be an issue since you invented Dragonfly. I feel
> > completely uncompelled to be 'productive' at the expense of security.
>
> You're overstating things a bit. There is no formal proof but that doesn't
> mean there is a complete absence of any positive security analysis.
>
> Being uncompelled and upset at the lack of a formal proof are not
> technical comments, they are just whines.
>
> > Quit fussing and whining about how hard it is to write drafts. You could
> > have started with something provably secure and avoided wasting your
> > efforts.
>
> "Quit fussing and whining" works both ways. You've been fussing and
> whining since you joined this list and it might be a good time to quit.
>
> To be clear, I have not said that it is hard to write a draft, I said it
> is time consuming. And I already have a draft (and running code) that
> solves the problems I have identified. I have no reason to volunteer to
> write another draft to do something that you want and I don't think you
> can afford my consulting rate.
>
> > Failing that, make AugPAKE work on ECC by grabbing the draft and fixing
> > it, then submit that instead.
>
> You should stop telling people to do things you are unwilling to do
> yourself.
>
> Dan.
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

--
------------------------------------------------------------------
SeongHan Shin
Research Institute for Secure Systems (RISEC),
National Institute of Advanced Industrial Science and Technology (AIST),
Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
Tel : +81-29-861-2670/5284
Fax : +81-29-861-5285
E-mail : seonghan.shin@aist.go.jp
------------------------------------------------------------------