Re: [TLS] Fwd: New Version Notification for draft-barnes-tls-pake-00.txt

Tony Putman <Tony.Putman@dyson.com> Mon, 16 April 2018 09:50 UTC

From: Tony Putman <Tony.Putman@dyson.com>
To: Richard Barnes <rlb@ipv.sx>
CC: "<tls@ietf.org>" <tls@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, Watson Ladd <watsonbladd@gmail.com>
Thread-Topic: [TLS] Fwd: New Version Notification for draft-barnes-tls-pake-00.txt
Date: Mon, 16 Apr 2018 09:50:20 +0000
Message-ID: <140080C241BAA1419B58F093108F9EDC1DBFD7C7@UK-MAL-MBOX-02.dyson.global.corp>
References: <152345795593.1972.17855870949078823595.idtracker@ietfa.amsl.com> <CAL02cgSOA-asdvyFNLLpcN59qeVjwQU9F2f=mgM9Y_B0Xv4rmg@mail.gmail.com> <140080C241BAA1419B58F093108F9EDC1DBF718C@UK-MAL-MBOX-01.dyson.global.corp> <CAL02cgS7dJVrMwiE9UrJKmaxW1v876et0Qg_S8MKf5FbSZjekg@mail.gmail.com>
In-Reply-To: <CAL02cgS7dJVrMwiE9UrJKmaxW1v876et0Qg_S8MKf5FbSZjekg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yUV5pTuoCATOgEXPGnSu1YuM01E>
Subject: Re: [TLS] Fwd: New Version Notification for draft-barnes-tls-pake-00.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hi Richard,

I don't think that you can protect against server compromise with SPAKE2. The server can store w*N as you suggest, but it also has to store w*M because it must calculate y*(T-w*M). An attacker that learns w*M and w*N from a compromised server can then impersonate a client.

The rest of your comments I agree with (though they are not all addressed in the updated draft).

Tony

> From: Richard Barnes [mailto:rlb@ipv.sx] 
> Sent: 13 April 2018 19:50
>
> Hey Tony,
>
> Thanks for the comments.  Hopefully we can adapt this document to tick more boxes for you :)
> Since I had noticed some other errors in the document (e.g., figures not rendering properly), 
> I went ahead and submitted a new version that takes these comments into account.
>
> https://tools.ietf.org/html/draft-barnes-tls-pake-01
>
> Some responses inline below.

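Tony's objection above, worked through as an added example; this is not code from the thread or from draft-barnes-tls-pake. It is a toy SPAKE2 in Python over the RFC 3526 2048-bit MODP group, written multiplicatively, so the draft's x*G is g^x mod p and T - w*M is T * (M^w)^-1 mod p. Assumptions, none of which come from the draft: M and N are stand-in constants derived by hashing into the prime-order subgroup; w = H(pw) mod q; and the session key is derived from the transcript (T, S) and K only, with w itself not entering the key schedule. Under those assumptions the run shows that the server must hold w*M to unblind T, that a record containing both w*M and w*N lets its holder complete the handshake as a client with no password, and that w*N alone does not.

```python
"""Toy SPAKE2 illustrating why a server record of (w*M, w*N) is
client-impersonation material.  Example code only; the group constant is
RFC 3526's 2048-bit MODP prime, everything else is a stand-in."""
import hashlib
import hmac
import secrets

# RFC 3526 section 3: p = 2q + 1 with q prime; generator 2 has order q (p = 7 mod 8).
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF"
)
p = int(P_HEX, 16)
q = (p - 1) // 2
g = 2


def group_is_sane():
    """Cheap self-check on the embedded constant: g has order q, and a few
    Fermat witnesses accept p and q as prime."""
    return (pow(g, q, p) == 1 and p % 8 == 7
            and all(pow(a, p - 1, p) == 1 and pow(a, q - 1, q) == 1 for a in (2, 3, 5)))


def hash_to_group(label):
    """Stand-in for the fixed M and N (assumption, not the draft's constants):
    hash, then square so the element lies in the order-q subgroup."""
    return pow(int.from_bytes(hashlib.sha512(label).digest(), "big") % p, 2, p)


M = hash_to_group(b"toy SPAKE2 M")
N = hash_to_group(b"toy SPAKE2 N")


def password_scalar(password):
    """w = H(pw) mod q, nonzero.  A real deployment would use a slow password hash."""
    return 1 + int.from_bytes(hashlib.sha256(password).digest(), "big") % (q - 1)


def server_record(password):
    """What the server keeps instead of the password: w*M and w*N (M^w, N^w here).
    It needs M^w to compute y*(T - w*M), so it cannot keep only N^w."""
    w = password_scalar(password)
    return {"wM": pow(M, w, p), "wN": pow(N, w, p)}


def derive_key(T, S, K):
    """Assumed key schedule: only the transcript and K feed the key, not w."""
    h = hashlib.sha256(b"toy-spake2-key")
    for v in (T, S, K):
        h.update(v.to_bytes(256, "big"))
    return h.digest()


def server_respond(record, T):
    """Server flow: S = y*G + w*N, then K = y*(T - w*M), using only its record."""
    y = secrets.randbelow(q - 1) + 1
    S = pow(g, y, p) * record["wN"] % p
    K = pow(T * pow(record["wM"], -1, p) % p, y, p)
    return S, derive_key(T, S, K)


def client_finish(x, T, S, wN):
    """Client flow: K = x*(S - w*N)."""
    return derive_key(T, S, pow(S * pow(wN, -1, p) % p, x, p))


def honest_run(client_password, server_password):
    """True iff client and server end with the same key (same password)."""
    w = password_scalar(client_password)
    x = secrets.randbelow(q - 1) + 1
    T = pow(g, x, p) * pow(M, w, p) % p          # T = x*G + w*M from the password
    S, server_key = server_respond(server_record(server_password), T)
    return hmac.compare_digest(client_finish(x, T, S, pow(N, w, p)), server_key)


def impersonate_client(server_rec, stolen_wN, stolen_wM=None):
    """Attacker with material copied from the server, and no password, plays the
    client.  With w*M it forms a well-formed T; without it the best it can do is g^x."""
    x = secrets.randbelow(q - 1) + 1
    T = pow(g, x, p) * (stolen_wM if stolen_wM is not None else 1) % p
    S, server_key = server_respond(server_rec, T)
    return hmac.compare_digest(client_finish(x, T, S, stolen_wN), server_key)


if __name__ == "__main__":
    rec = server_record(b"correct horse battery staple")
    print("honest handshake agrees:", honest_run(b"correct horse battery staple", b"correct horse battery staple"))
    print("wrong password agrees:  ", honest_run(b"wrong", b"correct horse battery staple"))
    print("stolen w*N only:        ", impersonate_client(rec, rec["wN"]))
    print("stolen w*M and w*N:     ", impersonate_client(rec, rec["wN"], rec["wM"]))
```

The last two lines of output are the point of the thread: the attacker who copies only w*N cannot build a T the server will unblind correctly, but once w*M is on the server as well (and it has to be, to compute y*(T - w*M)) the copied record alone completes the handshake. Hashing w into the key would defeat this particular attacker, but only by making the server store w, which is password-equivalent outright.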