Sorry, make that draft-harkins-emu-eap-pwd-01
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Joseph Salowey (jsalowey) > Sent: Monday, March 10, 2008 2:55 PM > To: Dan Harkins; SeongHan Shin > Cc: Kazukuni Kobara; [email protected] > Subject: Re: [Emu] Agenda Take 2 > > Hi Dan, > > Could you describe the technical differences between the > approach in draft-harkins-emu-eap-pwd-00.txt and existing > approaches of SRP, SPEKE and EKE? > > Thanks, > > Joe > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of > > Dan Harkins > > Sent: Sunday, March 02, 2008 11:07 PM > > To: SeongHan Shin > > Cc: 'Kazukuni Kobara'; [email protected] > > Subject: Re: [Emu] Agenda Take 2 > > > > > > Hi Shin, > > > > I'll put this on the list for cleanup in the -02 version. > > In section 2.6.3.2 it describes constructing the password > element for > > a prime modulus group. It says: > > > > pwd-value = KDF(pwd-seed, "EAP-pwd Affixing the PWE", len(p)) > > > > PWE = pwd-value mod p > > > > this should be: > > > > pwd-value = pwd-value mod p > > > > We want to ensure the value stretched to the length of the prime is > > numerically less than the prime. Section 2.6.3.2 goes on to say: > > > > The PWE is then computed by exponentiating the pwd-value to the > > value > > ((p-1)/r) modulus the prime. > > > > PWD = pwd-value ^ ((p-1)/r) mod p > > > > I'm not sure where PWD came from :-). The convention is > capitals for > > elliptic curve groups to distinguish between elements and scalars. > > There is no such convention for prime modulus groups so it > should be: > > > > The pwe is then computed by exponentiating the pwd-value to the > > value > > ((p-1)/r) modulus the prime. > > > > pwe = pwd-value ^ ((p-1)/r) mod p > > > > And then that "pwe" is used in 2.6.4.2. The idea is we take > a pwe-seed > > derived from the secret and identities and stretch that > using the KDF > > into a pwd-value which we reduce modulo the prime. The pwd-value is > > then used to construct the password element, pwe, by > exponentiating as > > described above-- pwd-value ^ ((p-1)/r) mod p. I obviously > messed up > > the description of that. > > > > As I said, I'll clean this up in the next version. If you do find > > any security issues with this draft please let me know. And also if > > there are other typographical errors or similar issues you > come across > > please tell me so I can clean them up. > > > > regards, > > > > Dan. > > > > On Sun, March 2, 2008 10:27 pm, SeongHan Shin wrote: > > > Dear Dan Harkins, > > > > > > Sorry, I didn't know that the ID is updated. > > > Anyway, I'll go through the new ID. > > > > > > By the way, is "pwe" in section 2.6.4.2 the same as "PWE"? > > > > > > Best regards, > > > Shin > > > > > > -----Original Message----- > > > From: Dan Harkins [mailto:[EMAIL PROTECTED] > > > Sent: Monday, March 03, 2008 2:17 PM > > > To: SeongHan Shin > > > Cc: [email protected]; 'Kazukuni Kobara' > > > Subject: Re: [Emu] Agenda Take 2 > > > > > > > > > Hi Shin, > > > > > > That draft has been updated. Please see the -01 version. > > That is the > > > one that will be presented in Philly and is, I believe, > > resistant to > > > off-line dictionary attack. If you know of an attack against it I > > > would be extremely interested in hearing about it. > > > > > > regards, > > > > > > Dan. > > > > > > On Sun, March 2, 2008 7:16 pm, SeongHan Shin wrote: > > >> Dear all, > > >> > > >> This is Shin. > > >> I read the below ID (Password only Mechanism) > > >> http://tools.ietf.org/id/draft-harkins-emu-eap-pwd-00.txt > > >> to be presented at IETF 71. > > >> > > >> The idea of the protocol seems interesting. > > >> However, I found that the protocol is susceptible to off-line > > >> dictionary attack. > > >> If someone is interested, I'll show how the attack works. > > >> (you may already know that.) > > >> > > >> Best regards, > > >> Shin > > >> > > >> > > >> -----Original Message----- > > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > On Behalf Of > > >> Joseph Salowey (jsalowey) > > >> Sent: Thursday, February 28, 2008 8:04 AM > > >> To: [email protected] > > >> Subject: [Emu] Agenda Take 2 > > >> > > >> EMU Agenda > > >> IETF 71 > > >> THURSDAY, March 13, 2008 > > >> 0900-1130 Morning Session I > > >> --------------------------------------------- > > >> + Administrivia (5 min) > > >> - agenda, blue sheets, note takers > > >> > > >> + Document Status (5 min) > > >> - EAP-TLS - draft-simon-emu-rfc2716bis-13.txt > > >> - EAP-GPSK - draft-ietf-emu-eap-gpsk-08.txt > > >> > > >> + Charter Revision Status (70 min) > > >> - General text (10 min) > > >> - Tunnel Method (20 min) > > >> - Secure Password Only Method (20 min) > > >> - Channel Bindings (20 min) > > >> > > >> + Tunnel Method Requirements (30 min) > > >> - draft-salowey-emu-eaptunnel-req-00.txt > > >> > > >> + Channel Bindings (20 min) > > >> - draft-clancy-emu-chbind-00.txt > > >> - draft-clancy-emu-aaapay-00.txt > > >> > > >> + Password only Mechanism (20 min) > > >> - draft-harkins-emu-eap-pwd-00.txt > > >> _______________________________________________ > > >> Emu mailing list > > >> [email protected] > > >> https://www.ietf.org/mailman/listinfo/emu > > >> > > >> > > >> > > >> _______________________________________________ > > >> Emu mailing list > > >> [email protected] > > >> https://www.ietf.org/mailman/listinfo/emu > > >> > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > Emu mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/emu > > > _______________________________________________ > Emu mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/emu > _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
