draft-ietf-kitten-krb-spake-preauth-02.txt   draft-ietf-kitten-krb-spake-preauth-03.txt 
Internet Engineering Task Force N. McCallum Internet Engineering Task Force N. McCallum
Internet-Draft S. Sorce Internet-Draft S. Sorce
Updates: 3961 (if approved) R. Harwood Updates: 3961 (if approved) R. Harwood
Intended status: Standards Track Red Hat, Inc. Intended status: Standards Track Red Hat, Inc.
Expires: April 23, 2018 G. Hudson Expires: June 3, 2018 G. Hudson
MIT MIT
October 20, 2017 November 30, 2017
SPAKE Pre-Authentication SPAKE Pre-Authentication
draft-ietf-kitten-krb-spake-preauth-02 draft-ietf-kitten-krb-spake-preauth-03
Abstract Abstract
This document defines a new pre-authentication mechanism for the This document defines a new pre-authentication mechanism for the
Kerberos protocol that uses a password authenticated key exchange. Kerberos protocol that uses a password authenticated key exchange.
This document has three goals. First, increase the security of This document has three goals. First, increase the security of
Kerberos pre-authentication exchanges by making offline brute-force Kerberos pre-authentication exchanges by making offline brute-force
attacks infeasible. Second, enable the use of second factor attacks infeasible. Second, enable the use of second factor
authentication without relying on FAST. This is achieved using the authentication without relying on FAST. This is achieved using the
existing trust relationship established by the shared first factor. existing trust relationship established by the shared first factor.
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 23, 2018. This Internet-Draft will expire on June 3, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 19, line 44 skipping to change at page 19, line 44
12.2.2. Initial Registry Contents 12.2.2. Initial Registry Contents
o ID Number: 1 o ID Number: 1
o Name: edwards25519 o Name: edwards25519
o Specification: [RFC7748] section 4.1 (edwards25519) o Specification: [RFC7748] section 4.1 (edwards25519)
o Serialization: [RFC8032] section 3.1 o Serialization: [RFC8032] section 3.1
o Multiplier Length: 32 o Multiplier Length: 32
o Multiplier Conversion: [RFC8032] section 3.1 o Multiplier Conversion: [RFC8032] section 3.1
o SPAKE M Constant: o SPAKE M Constant:
5ada7e4bf6ddd9adb6626d32131c6b5c51a1e347a3478f53cfcf441b88eed12e d048032c6ea0b6d697ddc2e86bda85a33adac920f1bf18e1b0c6d166a5cecdaf
o SPAKE N Constant: o SPAKE N Constant:
10e3df0ae37d8e7a99b5fe74b44672103dbddcbd06af680d71329a11693bc778 d3bfb518f44f3430f29d0c92af503865a1ed3281dc69b35dd868ba85f886c4ab
o ID Number: 2 o ID Number: 2
o Name: P-256 o Name: P-256
o Specification: [SEC2] section 2.4.2 o Specification: [SEC2] section 2.4.2
o Serialization: [SEC1] section 2.3.3 (compressed). o Serialization: [SEC1] section 2.3.3 (compressed).
o Multiplier Length: 32 o Multiplier Length: 32
o Multiplier Conversion: [SEC1] section 2.3.8. o Multiplier Conversion: [SEC1] section 2.3.8.
o SPAKE M Constant: o SPAKE M Constant:
02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f 02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f
o SPAKE N Constant: o SPAKE N Constant:
skipping to change at page 22, line 11 skipping to change at page 22, line 11
[SEC1] Standards for Efficient Cryptography Group, "SEC 1: [SEC1] Standards for Efficient Cryptography Group, "SEC 1:
Elliptic Curve Cryptography", May 2009. Elliptic Curve Cryptography", May 2009.
[SEC2] Standards for Efficient Cryptography Group, "SEC 2: [SEC2] Standards for Efficient Cryptography Group, "SEC 2:
Recommended Elliptic Curve Domain Parameters", January Recommended Elliptic Curve Domain Parameters", January
2010. 2010.
13.2. Non-normative References 13.2. Non-normative References
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI
10.17487/RFC6234, May 2011, <https://www.rfc-
editor.org/info/rfc6234>.
[RFC6560] Richards, G., "One-Time Password (OTP) Pre- [RFC6560] Richards, G., "One-Time Password (OTP) Pre-
Authentication", RFC 6560, DOI 10.17487/RFC6560, April Authentication", RFC 6560, DOI 10.17487/RFC6560, April
2012, <https://www.rfc-editor.org/info/rfc6560>. 2012, <https://www.rfc-editor.org/info/rfc6560>.
[RFC6649] Hornquist Astrand, L. and T. Yu, "Deprecate DES, RC4-HMAC- [RFC6649] Hornquist Astrand, L. and T. Yu, "Deprecate DES, RC4-HMAC-
EXP, and Other Weak Cryptographic Algorithms in Kerberos", EXP, and Other Weak Cryptographic Algorithms in Kerberos",
BCP 179, RFC 6649, DOI 10.17487/RFC6649, July 2012, BCP 179, RFC 6649, DOI 10.17487/RFC6649, July 2012,
<https://www.rfc-editor.org/info/rfc6649>. <https://www.rfc-editor.org/info/rfc6649>.
[SPAKE] Abdalla, M. and D. Pointcheval, "Simple Password-Based [SPAKE] Abdalla, M. and D. Pointcheval, "Simple Password-Based
skipping to change at page 24, line 7 skipping to change at page 24, line 7
challenge [1] SPAKEChallenge, challenge [1] SPAKEChallenge,
response [2] SPAKEResponse, response [2] SPAKEResponse,
encdata [3] EncryptedData, encdata [3] EncryptedData,
... ...
} }
END END
Appendix B. SPAKE M and N Value Selection Appendix B. SPAKE M and N Value Selection
The M and N constants for the edwards25519 group are the SHA-256 The M and N constants for the NIST groups are from
hashes [RFC6234] hashes of "edwards25519 point generation seed (M)" [I-D.irtf-cfrg-spake2] section 3.
and "edwards25519 point generation seed (N)" respectively. Both
hashes decode to valid curve points. The M and N constants for the edwards25519 group were generated using
the algorithm from [I-D.irtf-cfrg-spake2] section 3 and the seed
strings "edwards25519 point generation seed (M)" and "edwards25519
point generation seed (N)".
Appendix C. Test Vectors Appendix C. Test Vectors
For the following text vectors: For the following text vectors:
o The key is the string-to-key of "password" with the salt o The key is the string-to-key of "password" with the salt
"ATHENA.MIT.EDUraeburn" for the designated initial reply key "ATHENA.MIT.EDUraeburn" for the designated initial reply key
encryption type. encryption type.
o x and y were chosen randomly within the order of the designated o x and y were chosen randomly within the order of the designated
group. group, then multiplied by the cofactor..
o The SPAKESupport message contains only the designated group's o The SPAKESupport message contains only the designated group's
number. number.
o The SPAKEChallenge message offers only the SF-NONE second factor o The SPAKEChallenge message offers only the SF-NONE second factor
type. type.
o The KDC-REQ-BODY message contains no KDC options, the client o The KDC-REQ-BODY message contains no KDC options, the client
principal name "raeburn@ATHENA.MIT.EDU", the server principal name principal name "raeburn@ATHENA.MIT.EDU", the server principal name
"krbtgt/ATHENA.MIT.EDU", the realm "ATHENA.MIT.EDU", the till "krbtgt/ATHENA.MIT.EDU", the realm "ATHENA.MIT.EDU", the till
field "19700101000000Z", the nonce zero, and an etype list field "19700101000000Z", the nonce zero, and an etype list
containing only the designated encryption type. containing only the designated encryption type.
DES3 edwards25519 DES3 edwards25519
key: 850bb51358548cd05e86768c313e3bfef7511937dcf72c3e key: 850bb51358548cd05e86768c313e3bfef7511937dcf72c3e
w: a1f1a25cbd8e3092667e2fddba8ecd24f2c9cef124f7a3371ae81e11cad42a07 w: a1f1a25cbd8e3092667e2fddba8ecd24f2c9cef124f7a3371ae81e11cad42a07
x: 0442027aaf1fa95b7f86589578df43e413167ae8d9dceb377628338123ee7404 x: 201012d07bfd48ddfa33c4aac4fb1e229fb0d043cfe65ebfb14399091c71a723
y: 6a21e5e81217568835d497fb212b86b49e656acf0641169a0b59f4e665e8b304 y: 500b294797b8b042aca1bedc0f5931a4f52c537b3608b2d05cc8a2372f439f25
X: 13d13759fb4b46273b6b74a2d399c6cce686058b8d44ac51837caf8d860c5c01 X: ec274df1920dc0f690c8741b794127233745444161016ef950ad75c51db58c3e
Y: 3e0b035ef980fdf99f39c754603fea028813e41315f937d8cdfbbd2d1840f35c Y: d90974f1c42dac1cd4454561ac2d49af762f2ac87bf02436d461e7b661b43028
T: ee72f8b68efe6d77bd5f1dcd3d65a08f7e257684fa05a470b6be22dad58e2fe3 T: 18f511e750c97b592acd30db7d9e5fca660389102e6bf610c1bfbed4616c8362
S: e6eac1972008a77f23d130d681957159781527ef33d708fab0457bd254073526 S: 5d10705e0d1e43d5dbf30240ccfbde4a0230c70d4c79147ab0b317edad2f8ae7
K: db0ac82ea8fc1c57ee4291a06a2d0a63c02584753edaf87c473027c44bdc509a K: 25bde0d875f0feb5755f45ba5e857889d916ecf7476f116aa31dc3e037ec4292
SPAKESupport: a0093007a0053003020101 SPAKESupport: a0093007a0053003020101
Checksum after SPAKESupport: 9037756a58a060f80c13 Checksum after SPAKESupport: 9037756a58a060f80c13354b1a743a66837f1d4d
354b1a743a66837f1d4d SPAKEChallenge: a1363034a003020101a122042018f511e750c97b592acd30
SPAKEChallenge: a1363034a003020101a1220420ee72f8b68efe6d77bd5f1d db7d9e5fca660389102e6bf610c1bfbed4616c8362a20930
cd3d65a08f7e257684fa05a470b6be22dad58e2fe3a20930
073005a003020101 073005a003020101
Checksum after SPAKEChallenge: 07e110094bee01edfd17
26564bf03f4055aafa41
Checksum after pubkey: 7852ee1878c7bd54c0c5b328c0518ceda8ad0340 Checksum after SPAKEChallenge: 145fbe58e8bd6bf84627
df10ee9954b7849fdc8c
Final checksum after pubkey: f08091064aa5cc32c5660d9a04efb84a1948381b
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020110 303130313030303030305aa703020100a8053003020110
K'[0]: 5410d075499b3b64f17a837ff8861975d97cdf26ae8c13a8 K'[0]: 8fcdad5da81f0b4962e91a67d598a2d9c84fc83b0104c868
K'[1]: 64cd34ad02fefed0f467d55e2ff4946b0431cb40460bda29 K'[1]: abf286ce894523013ba89e3413f7c4ef43c1eca8efa7dadf
K'[2]: 6125fd160b67f7979808c7ab135246702c0d67d55be9923e K'[2]: 6897524c86b5dc5ec7ecc1944cbc1aae7cbcc1643dcd989e
K'[3]: 19d9e91adfd940b392ab40d67fe5a85e97f8d5a1a8348f01 K'[3]: b0a22c32e37902e023192cefada1869b08e69429e9fe0243
RC4 edwards25519 RC4 edwards25519
key: 8846f7eaee8fb117ad06bdd830b7586c key: 8846f7eaee8fb117ad06bdd830b7586c
w: 2713c1583c53861520b849bfef0525cd4fe82215b3ea6fcd896561d48048f40c w: 2713c1583c53861520b849bfef0525cd4fe82215b3ea6fcd896561d48048f40c
x: d9d4654fec8d4819fb40d6bab2c8e0121c441ae614a7b8d92a9219afc3f9900a x: c8a62e7b626f44cad807b2d695450697e020d230a738c5cd5691cc781dce8754
y: c39faf42028ef10fba4d16cee68320eba68e778c499d7eeaa83c98034715fc02 y: 18fe7c1512708c7fd06db270361f04593775bc634ceaf45347e5c11c38aae017
X: 74cce10c08b2f6e2571a7e80a0a035b47f0e0b1b80a44155a4174dff4f8f6774 X: b0bcbbdd25aa031f4608d0442dd4924be7731d49c089a8301859d77343ffb567
Y: adab0adcf18e7ea95a9014374bd1dee64fd7782c5b67c995cd44b20ad1f712e8 Y: 7d1ab8aeda1a2b1f9eab8d11c0fda60b616005d0f37d1224c5f12b8649f579a5
T: 46dc9383672d47c63796912d1092d1dc14cef1c0aaf306caa59afaafac18fa48 T: 7db465f1c08c64983a19f560bce966fe5306c4b447f70a5bca14612a92da1d63
S: e69493aba8f3661fca0781aff5ffecd8f35f477e903d35a6fcd4a277299a3816 S: 38f8d4568090148ebc9fd17c241b4cc2769505a7ca6f3f7104417b72b5b5cf54
K: c489b1a851ed7c3cd6c2a4289591d6ec973263013a8d28261ce4f845110a0acd K: 03e75edd2cd7e7677642dd68736e91700953ac55dc650e3c2a1b3b4acdb800f8
SPAKESupport: a0093007a0053003020101 SPAKESupport: a0093007a0053003020101
Checksum after SPAKESupport: c8bb7fb72f6b142557fd5de9b1b8bb4c Checksum after SPAKESupport: c8bb7fb72f6b142557fd5de9b1b8bb4c
SPAKEChallenge: a1363034a003020101a122042046dc9383672d47c6379691 SPAKEChallenge: a1363034a003020101a12204207db465f1c08c64983a19f5
2d1092d1dc14cef1c0aaf306caa59afaafac18fa48a20930 60bce966fe5306c4b447f70a5bca14612a92da1d63a20930
073005a003020101 073005a003020101
Checksum after SPAKEChallenge: 69d146f2ac5e644d6eb721cd28519dc0 Checksum after SPAKEChallenge: 318afd9874400fffa744bc602615cde8
Checksum after pubkey: 6f0b5d591e98ee3824e7e2b90385de3d Final checksum after pubkey: 0853678dff8b9e5eb855c5e05420790c
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020117 303130313030303030305aa703020100a8053003020117
K'[0]: 741ace018b652387f2c45cc72e3c6eaf K'[0]: 87a50a15f0dbd7c958e5bf1bbffee4f2
K'[1]: 552ab0343b2ca5dba61ca0b37793a015 K'[1]: 1b4a484d4ac7dd18acf5ebc42d8e1b14
K'[2]: 5717b7326e1a8dcb3f11556d9246d976 K'[2]: 8d6b89f491be1b532be6c6e8482328fe
K'[3]: 139dd7e1bfe7cc30a91e86f4e00f256f K'[3]: 425c47073edd4a6f0067f08166d44c7a
AES128 edwards25519 AES128 edwards25519
key: fca822951813fb252154c883f5ee1cf4 key: fca822951813fb252154c883f5ee1cf4
w: 17c2a9030afb7c37839bd4ae7fdfeb179e99e710e464e62f1fb7c9b67936f30b w: 17c2a9030afb7c37839bd4ae7fdfeb179e99e710e464e62f1fb7c9b67936f30b
x: ca974053ebea21b4e833d7deccbc1f10ccc5e9304fc1c1ea4f624891c5321807 x: 50be049a5a570fa1459fb9f666e6fd80602e4e87790a0e567f12438a2c96c138
y: f7ee153d6c05a8cdd2b7b0f733837a247d2b9dcdc163018b4422ae72b83deb02 y: b877afe8612b406d96be85bd9f19d423e95be96c0e1e0b5824127195c3ed5917
X: 30786a5754047d939f98e13f6fb3f352cf89c3cda326e4269c502bcdb29137e0 X: e73a443c678913eb4a0cad5cbd3086cf82f65a5a91b611e01e949f5c52efd6dd
Y: f5e82d4295cee37147d9b049d29738b846ab3474fc63c02ee57c7140eed5979a Y: 473c5b44ed2be9cb50afe1762b535b3930530489816ea6bd962622cccf39f6e8
T: 1aeb6ef3ea5028d0f9fb3780599234aa3fddea33ca6f554a8b1cb9f338f6eca8 T: 9e9311d985c1355e022d7c3c694ad8d6f7ad6d647b68a90b0fe46992818002da
S: a5e731c0d9a73a49deb8ac2125d89927ea378012b6e8aa114e68d314860e68fe S: fbe08f7f96cd5d4139e7c9eccb95e79b8ace41e270a60198c007df18525b628e
K: ee96a6407b4379b0ca7242219d98fb27d3430eb6e997f333dd27f05da5a7a804 K: c2f7f99997c585e6b686ceb62db42f17cc70932def3bb4cf009e36f22ea5473d
SPAKESupport: a0093007a0053003020101 SPAKESupport: a0093007a0053003020101
Checksum after SPAKESupport: ce5052873534f00424e38897 Checksum after SPAKESupport: ce5052873534f00424e38897
SPAKEChallenge: a1363034a003020101a12204201aeb6ef3ea5028d0f9fb37 SPAKEChallenge: a1363034a003020101a12204209e9311d985c1355e022d7c
80599234aa3fddea33ca6f554a8b1cb9f338f6eca8a20930 3c694ad8d6f7ad6d647b68a90b0fe46992818002daa20930
073005a003020101 073005a003020101
Checksum after SPAKEChallenge: a0cfeee54b5dd9f4707c2167 Checksum after SPAKEChallenge: 9c46dbbaa67fe262585e68f4
Checksum after pubkey: cdc77b01d9b0c4b0dfc56227 Final checksum after pubkey: 9eb1f4db71208adad0d6d9f1
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020111 303130313030303030305aa703020100a8053003020111
K'[0]: 8cac5d0d7cbd1482e5adc141059957ea K'[0]: 50de22f3b9cd6cd283b23396870ca246
K'[1]: 24f8217603d6ea9519f3d7013d29a547 K'[1]: b8e433cef3a84fff59f683b5206d3c86
K'[2]: f9b1ef3f0ad56f04a3fcd4d10a9fa54d K'[2]: 3c96a2da9575a297c4e831fe2ae625d8
K'[3]: c69d0d5204496487c7beb7600146b384 K'[3]: 54ef2f63b25f66aed65f3d6c77030c6a
AES256 edwards25519 AES256 edwards25519
key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1 key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1
w: 35b35ca126156b5bf4ec8b90e9545060f2108f1b6aa97b381012b9400c9e3f0e w: 35b35ca126156b5bf4ec8b90e9545060f2108f1b6aa97b381012b9400c9e3f0e
x: d11898149ec443fe2219ef5160b805e0d66508828e117bff8b32ceeec03ca80f x: 88c6c0a4f0241ef217c9788f02c32d00b72e4310748cd8fb5f94717607e6417d
y: 1137eb1beb9d2b4db7d91f8d03eb844a7d35e1b44998f31f6a16258c67e4a50a y: 88b859df58ef5c69bacdfe681c582754eaab09a74dc29cff50b328613c232f55
X: d95d62d3bfd3d7b7b18e7dad3a86abe92c59927327bf4da0787bb04f4d1076b2 X: 23c48eaff2721051946313840723b38f563c59b92043d6ffd752f95781af0327
Y: 7482c6fdcd2a1717d7a4cdec56cf6e6d1f4663d69477d293c014fd148e2eb5cb Y: 3d51486ec1d9be69bc45386bb675c013db87fd0488f6a9cacf6b43e8c81a0641
T: 5c09d3507551adaa8bd6099bda92090a7ba0f92a24100101948332331b225ceb T: 6f301aacae1220e91be42868c163c5009aeea1e9d9e28afcfc339cda5e7105b5
S: 3f7a09276fa650e5c9d855eb412b87784b92f1c8c235503ea107b5c1d6434354 S: 9e2cc32908fc46273279ec75354b4aeafa70c3d99a4d507175ed70d80b255dda
K: 202e57295aef245c3aa535e10de31edf8728887081f22a2752193bd082adb10d K: cf57f58f6e60169d2ecc8f20bb923a8e4c16e5bc95b9e64b5dc870da7026321b
SPAKESupport: a0093007a0053003020101 SPAKESupport: a0093007a0053003020101
Checksum after SPAKESupport: 14b16e16da078fab9830a66c Checksum after SPAKESupport: 14b16e16da078fab9830a66c
SPAKEChallenge: a1363034a003020101a12204205c09d3507551adaa8bd609 SPAKEChallenge: a1363034a003020101a12204206f301aacae1220e91be428
9bda92090a7ba0f92a24100101948332331b225ceba20930 68c163c5009aeea1e9d9e28afcfc339cda5e7105b5a20930
073005a003020101 073005a003020101
Checksum after SPAKEChallenge: 6318b92b6540bae5d18a5454 Checksum after SPAKEChallenge: 667e82727168d0fef248c926
Checksum after pubkey: 926d71c006fe53fa8bb50105 Final checksum after pubkey: 32bf15d0606762b6411a0f68
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020112 303130313030303030305aa703020100a8053003020112
K'[0]: 0f69df747af8f060d3013f545ceefafe K'[0]: 9463038f091c0aed6f8186224b7da5cf
9aca4784fc0983f1e343698457e499f9 24557bf5c7fd6fe35526ce34a9eb5b05
K'[1]: f8f39aca22a32f1500c21a8ad47af00f K'[1]: 1900e226176d6730e9e4c1bf342fd954
02db1ec84c4cf72b4d7c9c65999b5175 df3fc65790f8c267c89b4a3026d0d164
K'[2]: 623edb38085c0c35c9832ec3ef0cc976 K'[2]: b025fb4103dc29f233640540627331e1
502e47dd5d4438013c9bfaf67d2febb5 b567c1a7f5a3a00d800c70f0ef213804
K'[3]: d697c2d57c868a4494eee568f29aa003 K'[3]: 840e2280e4d4c61c44c057e2c7c92207
d7223994caf1b18c7cc936cf45e7d453 041dd205bd76b6dc50c9add16cc76c7b
AES256 P-256 AES256 P-256
key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1 key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1
w: eb2984af18703f94dd5288b8596cd36988d0d4e83bfb2b44de14d0e95e2090bd w: eb2984af18703f94dd5288b8596cd36988d0d4e83bfb2b44de14d0e95e2090bd
x: 935ddd725129fb7c6288e1a5cc45782198a6416d1775336d71eacd0549a3e80e x: 935ddd725129fb7c6288e1a5cc45782198a6416d1775336d71eacd0549a3e80e
y: e07405eb215663abc1f254b8adc0da7a16febaa011af923d79fdef7c42930b33 y: e07405eb215663abc1f254b8adc0da7a16febaa011af923d79fdef7c42930b33
X: 03bc802165aea7dbd98cc155056249fe0a37a9c203a7c0f7e872d5bf687bd105e2 X: 03bc802165aea7dbd98cc155056249fe0a37a9c203a7c0f7e872d5bf687bd105e2
Y: 0340b8d91ce3852d0a12ae1f3e82c791fc86df6b346006431e968a1b869af7c735 Y: 0340b8d91ce3852d0a12ae1f3e82c791fc86df6b346006431e968a1b869af7c735
T: 024f62078ceb53840d02612195494d0d0d88de21feeb81187c71cbf3d01e71788d T: 024f62078ceb53840d02612195494d0d0d88de21feeb81187c71cbf3d01e71788d
S: 021d07dc31266fc7cfd904ce2632111a169b7ec730e5f74a7e79700f86638e13c8 S: 021d07dc31266fc7cfd904ce2632111a169b7ec730e5f74a7e79700f86638e13c8
K: 0268489d7a9983f2fde69c6e6a1307e9d252259264f5f2dfc32f58cca19671e79b K: 0268489d7a9983f2fde69c6e6a1307e9d252259264f5f2dfc32f58cca19671e79b
SPAKESupport: a0093007a0053003020102 SPAKESupport: a0093007a0053003020102
Checksum after SPAKESupport: 61f93e7f998dec5f54cac55c Checksum after SPAKESupport: 61f93e7f998dec5f54cac55c
SPAKEChallenge: a1373035a003020102a1230421024f62078ceb53840d0261 SPAKEChallenge: a1373035a003020102a1230421024f62078ceb53840d0261
2195494d0d0d88de21feeb81187c71cbf3d01e71788da209 2195494d0d0d88de21feeb81187c71cbf3d01e71788da209
30073005a003020101 30073005a003020101
Checksum after SPAKEChallenge: 949916036d3c524608533206 Checksum after SPAKEChallenge: 949916036d3c524608533206
Checksum after pubkey: 1024bfe60a1e22b5bf2838c3 Final checksum after pubkey: 1024bfe60a1e22b5bf2838c3
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020112 303130313030303030305aa703020100a8053003020112
K'[0]: b3a882eccd2f31df46880f6235522a4d K'[0]: b3a882eccd2f31df46880f6235522a4d
87523a34442547778c46780f5b35800a 87523a34442547778c46780f5b35800a
K'[1]: 6e18ebfd20a9a05af11b320eaab15870 K'[1]: 6e18ebfd20a9a05af11b320eaab15870
93f3e21a5efcb261307786661330344d 93f3e21a5efcb261307786661330344d
K'[2]: 11e1a36e87c729a89bbda12cfa15652f K'[2]: 11e1a36e87c729a89bbda12cfa15652f
skipping to change at page 28, line 11 skipping to change at page 28, line 13
S: 020d5adfdb92bc377041cf5837412574c5d13e0f4739208a4f0c859a0a302bc6 S: 020d5adfdb92bc377041cf5837412574c5d13e0f4739208a4f0c859a0a302bc6
a533440a245b9d97a0d34af5016a20053d a533440a245b9d97a0d34af5016a20053d
K: 0264aa8c61da9600dfb0beb5e46550d63740e4ef29e73f1a30d543eb43c25499 K: 0264aa8c61da9600dfb0beb5e46550d63740e4ef29e73f1a30d543eb43c25499
037ad16538586552761b093cf0e37c703a 037ad16538586552761b093cf0e37c703a
SPAKESupport: a0093007a0053003020103 SPAKESupport: a0093007a0053003020103
Checksum after SPAKESupport: a0024c7b5ff667ae074a9988 Checksum after SPAKESupport: a0024c7b5ff667ae074a9988
SPAKEChallenge: a1473045a003020103a133043102a1524603ef14f184696f SPAKEChallenge: a1473045a003020103a133043102a1524603ef14f184696f
854229d3397507a66c63f841ba748451056be07879ac2989 854229d3397507a66c63f841ba748451056be07879ac2989
12387b1c5cdff6381c264701be57a20930073005a003020101 12387b1c5cdff6381c264701be57a20930073005a003020101
Checksum after SPAKEChallenge: ecd0f64ed7c0d4e18fa4c5b4 Checksum after SPAKEChallenge: ecd0f64ed7c0d4e18fa4c5b4
Checksum after pubkey: a238108c88afd856f04d3aa5 Final checksum after pubkey: a238108c88afd856f04d3aa5
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020112 303130313030303030305aa703020100a8053003020112
K'[0]: ff59fb5fb83c7bafe197b62c853eb7c3 K'[0]: ff59fb5fb83c7bafe197b62c853eb7c3
a2902301dfe8326851626a0e9c714c47 a2902301dfe8326851626a0e9c714c47
K'[1]: e3c741ac7041feed0f0b5c36cb74c179 K'[1]: e3c741ac7041feed0f0b5c36cb74c179
cb565e509b6d65594d0badafe318c4dc cb565e509b6d65594d0badafe318c4dc
K'[2]: 9c7a73087f22b52db38a14eb8292df61 K'[2]: 9c7a73087f22b52db38a14eb8292df61
skipping to change at page 29, line 4 skipping to change at page 29, line 6
3bb082 3bb082
T: 02017d3de19a3ec53d0174905665ef37947d142535102cd9809c0dfbd0dfe007 T: 02017d3de19a3ec53d0174905665ef37947d142535102cd9809c0dfbd0dfe007
353d54cf406ce2a59950f2bb540df6fbe75f8bbbef811c9ba06cc275adbd9675 353d54cf406ce2a59950f2bb540df6fbe75f8bbbef811c9ba06cc275adbd9675
6696ec 6696ec
S: 02004d142d87477841f6ba053c8f651f3395ad264b7405ca5911fb9a55abd454 S: 02004d142d87477841f6ba053c8f651f3395ad264b7405ca5911fb9a55abd454
fef658a5f9ed97d1efac68764e9092fa15b9e0050880d78e95fd03abf5931791 fef658a5f9ed97d1efac68764e9092fa15b9e0050880d78e95fd03abf5931791
6822b5 6822b5
K: 03007c303f62f09282cc849490805bd4457a6793a832cbeb55df427db6a31e99 K: 03007c303f62f09282cc849490805bd4457a6793a832cbeb55df427db6a31e99
b055d5dc99756d24d47b70ad8b6015b0fb8742a718462ed423b90fa3fe631ac1 b055d5dc99756d24d47b70ad8b6015b0fb8742a718462ed423b90fa3fe631ac1
3fa916 3fa916
SPAKESupport: a0093007a0053003020104 SPAKESupport: a0093007a0053003020104
Checksum after SPAKESupport: 1b69d116036e141e45d4f7d7 Checksum after SPAKESupport: 1b69d116036e141e45d4f7d7
SPAKEChallenge: a1593057a003020104a145044302017d3de19a3ec53d0174 SPAKEChallenge: a1593057a003020104a145044302017d3de19a3ec53d0174
905665ef37947d142535102cd9809c0dfbd0dfe007353d54 905665ef37947d142535102cd9809c0dfbd0dfe007353d54
cf406ce2a59950f2bb540df6fbe75f8bbbef811c9ba06cc2 cf406ce2a59950f2bb540df6fbe75f8bbbef811c9ba06cc2
75adbd96756696eca20930073005a003020101 75adbd96756696eca20930073005a003020101
Checksum after SPAKEChallenge: cac3da1e9ab1261723ece823 Checksum after SPAKEChallenge: cac3da1e9ab1261723ece823
Checksum after pubkey: 654493ca7e47f3c5200f4b84 Final checksum after pubkey: 654493ca7e47f3c5200f4b84
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020112 303130313030303030305aa703020100a8053003020112
K'[0]: c91635dfd1de3884b635b58b30d3cfd5 K'[0]: c91635dfd1de3884b635b58b30d3cfd5
26fe78f8dade6f19e4eb2fb23ef594ca 26fe78f8dade6f19e4eb2fb23ef594ca
K'[1]: 03d38e139bb3f66cc76c5da720f3bf11 K'[1]: 03d38e139bb3f66cc76c5da720f3bf11
4280f64ed708e69e96094bb62aa28f32 4280f64ed708e69e96094bb62aa28f32
K'[2]: 515eaa3c45b08bc9d77468059e64a8e1 K'[2]: 515eaa3c45b08bc9d77468059e64a8e1
96cfcd15db92ad431cae5edbe721d07e 96cfcd15db92ad431cae5edbe721d07e
K'[3]: 898ae786e58391d8a00eb7a7cbddd005 K'[3]: 898ae786e58391d8a00eb7a7cbddd005
3aff9147b42a3076d934608e70a6f0ff 3aff9147b42a3076d934608e70a6f0ff
AES256 edwards25519 with accepted optimistic challenge AES256 edwards25519 with accepted optimistic challenge
key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1 key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1
w: 35b35ca126156b5bf4ec8b90e9545060f2108f1b6aa97b381012b9400c9e3f0e w: 35b35ca126156b5bf4ec8b90e9545060f2108f1b6aa97b381012b9400c9e3f0e
x: 6e52ee8086e995770ab9140a6e3cb39870f9d51900d706b381fafcfca955850c x: 70937207344cafbc53c8a55070e399c584cbafce00b836980dd4e7e74fad2a64
y: af0b2d4034a9011e0552c7986813e2eb057e3b71ab2465aa59f8c02c492a6c00 y: 785d6801a2490df028903ac6449b105f2ff0db895b252953cdc2076649526103
X: aa5229fe8f321388ed3b491f2fa72dc71a1ae0fec2cd3a965076230612d690bb X: 13841224ea50438c1d9457159d05f2b7cd9d05daf154888eeed223e79008b47c
Y: e02e82965f8159f12b581bb6ccbb7e13a08d2950f1ad88734581d1634ba00029 Y: d01fc81d5ce20d6ea0939a6bb3e40ccd049f821baaf95e323a3657309ef75d61
T: 34a986c6301cd22dfc7e693ca1701ce0272e735c549056dbd6796282f55df4bb T: 83523b35f1565006cbfc4f159885467c2fb9bc6fe23d36cb1da43d199f1a3118
S: deae3975cc2319c9aa1747527fd8a82a7f09d3de363695beb537050fb71867f9 S: 2a8f70f46cee9030700037b77f22cec7970dcc238e3e066d9d726baf183992c6
K: 96f99e03cf272219ef406c8b4dd1f067f04c08a3c5bc59f17047337cb9e3aba7 K: d3c5e4266aa6d1b2873a97ce8af91c7e4d7a7ac456acced7908d34c561ad8fa6
SPAKEChallenge: a1363034a003020101a122042034a986c6301cd22dfc7e69 SPAKEChallenge: a1363034a003020101a122042083523b35f1565006cbfc4f
3ca1701ce0272e735c549056dbd6796282f55df4bba20930 159885467c2fb9bc6fe23d36cb1da43d199f1a3118a20930
073005a003020101 073005a003020101
Checksum after SPAKEChallenge: c757f735cbf0a4b2b9919eb4 Checksum after SPAKEChallenge: 0b1dc2059f7411b639295982
Checksum after pubkey: 12bb1d11bd225e3b93212802 Final checksum after pubkey: 3990d78eb0abc055d1f69fcb
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020112 303130313030303030305aa703020100a8053003020112
K'[0]: 28add62799076c5cd996db4660b0f8b5 K'[0]: 1e9b04bdbdaaffb340aa09c6cdf560fa
685ec8f669fb3d19cbb2dc9efa2761e3 dcaadb7cb8762b22cd6e7c96753090b7
K'[1]: 7df1db9587d473bf7f82259afc5758e2 K'[1]: 7b959d40bd6c517a89278b008cf314e5
ed3968c1f4cefe70c4d446086c45f588 d947b181a3251d2832ab61a21c40d484
K'[2]: bb8817c50846ed064701cc809fceedfa
8eb9e95cf4868eab8e42e6155928f35e
K'[3]: 5e521d6dc898d3737e5c1d8039a8cb56 K'[2]: 3e484bb86ab7f4ffc4b80a6f6d79692c
306270ab6fd58c59ec3db3a392605a82 55daf2b78654b38c7f1d37b1d688d1f3
K'[3]: 23a331ddf33211859b82502295b0be4b
23a56057b77356d62a13985ca573dae1
AES256 P-521 with rejected optimistic edwards25519 challenge AES256 P-521 with rejected optimistic edwards25519 challenge
key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1 key: 01b897121d933ab44b47eb5494db15e50eb74530dbdae9b634d65020ff5d88c1
w: 003a095a2b2386eff3eb15b735398da1caf95bc8425665d82370aff58b0471f3 w: 003a095a2b2386eff3eb15b735398da1caf95bc8425665d82370aff58b0471f3
4cce63791cfed967f0c94c16054b3e1703133681bece1e05219f5426bc944b0f 4cce63791cfed967f0c94c16054b3e1703133681bece1e05219f5426bc944b0f
bfb3 bfb3
x: 01687b59051bf40048d7c31d5a973d792fa12284b7a447e7f5938b5885ca0bb2 x: 01687b59051bf40048d7c31d5a973d792fa12284b7a447e7f5938b5885ca0bb2
c3f0bd30291a55fea08e143e2e04bdd7d19b753c7c99032f06cab0d9c2aa8f83 c3f0bd30291a55fea08e143e2e04bdd7d19b753c7c99032f06cab0d9c2aa8f83
7ef7 7ef7
y: 01ded675ebf74fe30c9a53710f577e9cf84f09f6048fe245a4600004884cc167 y: 01ded675ebf74fe30c9a53710f577e9cf84f09f6048fe245a4600004884cc167
skipping to change at page 30, line 34 skipping to change at page 30, line 36
be2f1f be2f1f
T: 02014cb2e5b592ece5990f0ef30d308c061de1598bc4272b4a6599bed466fd15 T: 02014cb2e5b592ece5990f0ef30d308c061de1598bc4272b4a6599bed466fd15
21693642abcf4dbe36ce1a2d13967de45f6c4f8d0fa8e14428bf03fb96ef5f1e 21693642abcf4dbe36ce1a2d13967de45f6c4f8d0fa8e14428bf03fb96ef5f1e
d3e645 d3e645
S: 02016c64995e804416f748fd5fa3aa678cbc7cbb596a4f523132dc8af7ce84e5 S: 02016c64995e804416f748fd5fa3aa678cbc7cbb596a4f523132dc8af7ce84e5
41f484a2c74808c6b21dcf7775baefa6753398425becc7b838b210ac5daa0cb0 41f484a2c74808c6b21dcf7775baefa6753398425becc7b838b210ac5daa0cb0
b710e2 b710e2
K: 0200997f4848ae2e7a98c23d14ac662030743ab37fccc2a45f1c721114f40bcc K: 0200997f4848ae2e7a98c23d14ac662030743ab37fccc2a45f1c721114f40bcc
80fe6ec6aba49868f8aea1aa994d50e81b86d3e4d3c1130c8695b68907c673d9 80fe6ec6aba49868f8aea1aa994d50e81b86d3e4d3c1130c8695b68907c673d9
e5886a e5886a
Optimistic SPAKEChallenge: a1363034a003020102a1220420ffc334 Optimistic SPAKEChallenge: a1363034a003020102a122042047ca8c
3df010544de2e3aa1d8573ebb5a5a960 24c3a4a70b6eca228322529dadcfa85c
d5e6a44c151610e12874155be3a20930 f58faceecf5d5c02907b9e2deba20930
073005a003020101 073005a003020101
Checksum after optimist SPAKEChallenge: 8d319e6c9799f1d52545a571 Checksum after optimist SPAKEChallenge: 57eff4df899bc520010deb48
SPAKESupport: a0093007a0053003020104 SPAKESupport: a0093007a0053003020104
Checksum after SPAKESupport: 4ae061f319946f2a8bed3f77 Checksum after SPAKESupport: c2fe6c3c142c207d0bdbdd9c
SPAKEChallenge: a1593057a003020104a145044302014cb2e5b592ece5990f SPAKEChallenge: a1593057a003020104a145044302014cb2e5b592ece5990f
0ef30d308c061de1598bc4272b4a6599bed466fd15216936 0ef30d308c061de1598bc4272b4a6599bed466fd15216936
42abcf4dbe36ce1a2d13967de45f6c4f8d0fa8e14428bf03 42abcf4dbe36ce1a2d13967de45f6c4f8d0fa8e14428bf03
fb96ef5f1ed3e645a20930073005a003020101 fb96ef5f1ed3e645a20930073005a003020101
Checksum after SPAKEChallenge: 169d594dfe425e7b6bd494aa Checksum after SPAKEChallenge: c78a00b2d896b73dbed4969b
Checksum after pubkey: 12191866bc5d6b92676aa83b Final checksum after pubkey: 80a1da254a44641e0223a944
KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009 KDC-REQ-BODY: 3075a00703050000000000a1143012a003020101a10b3009
1b077261656275726ea2101b0e415448454e412e4d49542e 1b077261656275726ea2101b0e415448454e412e4d49542e
454455a3233021a003020102a11a30181b066b7262746774 454455a3233021a003020102a11a30181b066b7262746774
1b0e415448454e412e4d49542e454455a511180f31393730 1b0e415448454e412e4d49542e454455a511180f31393730
303130313030303030305aa703020100a8053003020112 303130313030303030305aa703020100a8053003020112
K'[0]: 0ed9e6e9fcc30d9fcd5163c520ce0b58 K'[0]: 567cb2ee046cc10cd29cd5bbe5998e5c
47772b94ba684d786b46a0fdd2b79364 d4fca318075981087400c32c55299697
K'[1]: 981037863dd4049823a59213b68a0b60 K'[1]: 57535deb12a3bcaac8389957d9065ee5
78e8140a3a921273aa6c777c858504ed 51a869148de1f457b232e12055ee9efa
K'[2]: d1bb237ea8df724265d21c8dc2080db0 K'[2]: 6d18f714b69242f1e556b2819f895926
3d1949a07fab64f4a149aa936b1e4d2e 9ee0da5b014785b4f1fabb3b7318b70c
K'[3]: 7ed29c8842536cc61be9814747e99ba2 K'[3]: a1d86d7d091800f191884e501974fa32
b20686d26e2bf9f6dbedae011f8d069b ca513a520197866d7c57e5c1296319e6
Appendix D. Acknowledgements Appendix D. Acknowledgements
Nico Williams (Cryptonector) Nico Williams (Cryptonector)
Taylor Yu (MIT) Taylor Yu (MIT)
Authors' Addresses Authors' Addresses
Nathaniel McCallum Nathaniel McCallum
Red Hat, Inc. Red Hat, Inc.
 End of changes. 39 change blocks. 
121 lines changed or deleted 117 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/