Re: [Emu] Agenda Take 2

To: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>, "Dan Harkins" <dharkins at lounge.org>, "SeongHan Shin" <seonghan.shin at aist.go.jp>
Subject: Re: [Emu] Agenda Take 2
From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Date: Mon, 10 Mar 2008 14:56:08 -0700
Authentication-results: sj-dkim-3; header.From=jsalowey at cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
Cc: Kazukuni Kobara <k-kobara at aist.go.jp>, emu at ietf.org
Delivered-to: ietfarch-emu-web-archive at core3.amsl.com
Delivered-to: emu at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=6237; t=1205186130; x=1206050130; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey at cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey at ci sco.com> |Subject:=20RE=3A=20[Emu]=20Agenda=20Take=202 |Sender:=20; bh=mih8d03J0kRN4HQ5kvdQJfMJ7pcD0VMQtO2b++bufLk=; b=bOtpNBp5ntK/kAFivEKjDPF+XJOTjMRXkCFmQJU0zhrqM4AKYDmFRl4QMI Lq4/vjjZ/+MRlQZkJE6cYXMl69DHyZ5xWo1Bqugaq1f18Z30p0BHVdDStKCN h6bhWex4Wh;
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE5056D6F74 at xmb-sjc-225.amer.cisco.com>
List-archive: <http://www.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Sender: emu-bounces at ietf.org
Thread-index: Ach8/XKyAkcL5TQ8QiGa7CsIrHm/uwF+1HQwAAAuefA=
Thread-topic: [Emu] Agenda Take 2

Sorry, make that draft-harkins-emu-eap-pwd-01  

> -----Original Message-----
> From: emu-bounces at ietf.org [mailto:emu-bounces at ietf.org] On 
> Behalf Of Joseph Salowey (jsalowey)
> Sent: Monday, March 10, 2008 2:55 PM
> To: Dan Harkins; SeongHan Shin
> Cc: Kazukuni Kobara; emu at ietf.org
> Subject: Re: [Emu] Agenda Take 2
> 
> Hi Dan,
> 
> Could you describe the technical differences between the 
> approach in draft-harkins-emu-eap-pwd-00.txt and existing 
> approaches of SRP, SPEKE and EKE?  
> 
> Thanks,
> 
> Joe 
> 
> > -----Original Message-----
> > From: emu-bounces at ietf.org [mailto:emu-bounces at ietf.org] On 
> Behalf Of 
> > Dan Harkins
> > Sent: Sunday, March 02, 2008 11:07 PM
> > To: SeongHan Shin
> > Cc: 'Kazukuni Kobara'; emu at ietf.org
> > Subject: Re: [Emu] Agenda Take 2
> > 
> > 
> >   Hi Shin,
> > 
> >   I'll put this on the list for cleanup in the -02 version.
> > In section 2.6.3.2 it describes constructing the password 
> element for 
> > a prime modulus group. It says:
> > 
> >       pwd-value = KDF(pwd-seed, "EAP-pwd Affixing the PWE", len(p))
> > 
> >       PWE = pwd-value mod p
> > 
> > this should be:
> > 
> >       pwd-value = pwd-value mod p
> > 
> > We want to ensure the value stretched to the length of the prime is 
> > numerically less than the prime. Section 2.6.3.2 goes on to say:
> > 
> >    The PWE is then computed by exponentiating the pwd-value to the 
> > value
> >    ((p-1)/r) modulus the prime.
> > 
> >       PWD = pwd-value ^ ((p-1)/r) mod p
> > 
> > I'm not sure where PWD came from :-). The convention is 
> capitals for 
> > elliptic curve groups to distinguish between elements and scalars. 
> > There is no such convention for prime modulus groups so it 
> should be:
> > 
> >    The pwe is then computed by exponentiating the pwd-value to the 
> > value
> >    ((p-1)/r) modulus the prime.
> > 
> >       pwe = pwd-value ^ ((p-1)/r) mod p
> > 
> > And then that "pwe" is used in 2.6.4.2. The idea is we take 
> a pwe-seed 
> > derived from the secret and identities and stretch that 
> using the KDF 
> > into a pwd-value which we reduce modulo the prime. The pwd-value is 
> > then used to construct the password element, pwe, by 
> exponentiating as 
> > described above-- pwd-value ^ ((p-1)/r) mod p. I obviously 
> messed up 
> > the description of that.
> > 
> >   As I said, I'll clean this up in the next version. If you do find 
> > any security issues with this draft please let me know. And also if 
> > there are other typographical errors or similar issues you 
> come across 
> > please tell me so I can clean them up.
> > 
> >   regards,
> > 
> >   Dan.
> > 
> > On Sun, March 2, 2008 10:27 pm, SeongHan Shin wrote:
> > > Dear Dan Harkins,
> > >
> > > Sorry, I didn't know that the ID is updated.
> > > Anyway, I'll go through the new ID.
> > >
> > > By the way, is "pwe" in section 2.6.4.2 the same as "PWE"?
> > >
> > > Best regards,
> > > Shin
> > >
> > > -----Original Message-----
> > > From: Dan Harkins [mailto:dharkins at lounge.org]
> > > Sent: Monday, March 03, 2008 2:17 PM
> > > To: SeongHan Shin
> > > Cc: emu at ietf.org; 'Kazukuni Kobara'
> > > Subject: Re: [Emu] Agenda Take 2
> > >
> > >
> > >   Hi Shin,
> > >
> > >   That draft has been updated. Please see the -01 version. 
> > That is the
> > > one that will be presented in Philly and is, I believe,
> > resistant to
> > > off-line dictionary attack. If you know of an attack against it I 
> > > would be extremely interested in hearing about it.
> > >
> > >   regards,
> > >
> > >   Dan.
> > >
> > > On Sun, March 2, 2008 7:16 pm, SeongHan Shin wrote:
> > >> Dear all,
> > >>
> > >> This is Shin.
> > >> I read the below ID (Password only Mechanism) 
> > >> http://tools.ietf.org/id/draft-harkins-emu-eap-pwd-00.txt
> > >> to be presented at IETF 71.
> > >>
> > >> The idea of the protocol seems interesting.
> > >> However, I found that the protocol is susceptible to off-line 
> > >> dictionary attack.
> > >> If someone is interested, I'll show how the attack works.
> > >> (you may already know that.)
> > >>
> > >> Best regards,
> > >> Shin
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: emu-bounces at ietf.org [mailto:emu-bounces at ietf.org]
> > On Behalf Of
> > >> Joseph Salowey (jsalowey)
> > >> Sent: Thursday, February 28, 2008 8:04 AM
> > >> To: emu at ietf.org
> > >> Subject: [Emu] Agenda Take 2
> > >>
> > >> EMU Agenda
> > >> IETF 71
> > >> THURSDAY, March 13, 2008
> > >> 0900-1130 Morning Session I
> > >> ---------------------------------------------
> > >> + Administrivia (5 min)
> > >>  - agenda, blue sheets, note takers
> > >>
> > >> + Document Status (5 min)
> > >>  - EAP-TLS  - draft-simon-emu-rfc2716bis-13.txt
> > >>  - EAP-GPSK - draft-ietf-emu-eap-gpsk-08.txt
> > >>
> > >> + Charter Revision Status (70 min)
> > >>  - General text (10 min)
> > >>  - Tunnel Method (20 min)
> > >>  - Secure Password Only Method (20 min)
> > >>  - Channel Bindings (20 min)
> > >>
> > >> + Tunnel Method Requirements (30 min)
> > >>  - draft-salowey-emu-eaptunnel-req-00.txt
> > >>
> > >> + Channel Bindings (20 min)
> > >>  - draft-clancy-emu-chbind-00.txt
> > >>  - draft-clancy-emu-aaapay-00.txt
> > >>
> > >> + Password only Mechanism (20 min)
> > >>  - draft-harkins-emu-eap-pwd-00.txt 
> > >> _______________________________________________
> > >> Emu mailing list
> > >> Emu at ietf.org
> > >> https://www.ietf.org/mailman/listinfo/emu
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> Emu mailing list
> > >> Emu at ietf.org
> > >> https://www.ietf.org/mailman/listinfo/emu
> > >>
> > >
> > >
> > >
> > >
> > >
> > >
> > 
> > 
> > _______________________________________________
> > Emu mailing list
> > Emu at ietf.org
> > https://www.ietf.org/mailman/listinfo/emu
> > 
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www.ietf.org/mailman/listinfo/emu
> 
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www.ietf.org/mailman/listinfo/emu

Follow-Ups:
- Re: [Emu] Agenda Take 2
  - From: Dan Harkins

References:
- Re: [Emu] Agenda Take 2
  - From: Joseph Salowey (jsalowey)

Prev by Date: Re: [Emu] Agenda Take 2
Next by Date: Re: [Emu] Agenda Take 2
Previous by thread: Re: [Emu] Agenda Take 2
Next by thread: Re: [Emu] Agenda Take 2
Index(es):
- Date
- Thread

Re: [Emu] Agenda Take 2

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.