PKEX
draft-harkins-pkex-00

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2016-09-12
Stream (None)
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Research Task Force                                     Harkins
Internet-Draft                                             HP Enterprise
Intended status: Informational                        September 12, 2016
Expires: March 16, 2017

                                  PKEX
                         draft-harkins-pkex-00

Abstract

   This memo describes a password-authenticated protocol to allow two
   devices to exchange "raw" (uncertified) public keys and establish
   trust that the keys belong to their respective identities.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 16, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Harkins                  Expires March 16, 2017                 [Page 1]
Internet-Draft             Public Key Exchange            September 2016

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   2
     1.2.  Notation  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Properties  . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Assumptions . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Protocol Definition . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Exchange Phase  . . . . . . . . . . . . . . . . . . . . .   5
     4.2.  Commit Phase  . . . . . . . . . . . . . . . . . . . . . .   5
     4.3.  Reveal Phase  . . . . . . . . . . . . . . . . . . . . . .   6
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   8
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Appendix A.  Appendix . . . . . . . . . . . . . . . . . . . . . .   9
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   Many authenticated key exchange protocols allow for authentication
   using uncertified, or "raw", public keys, for example TLS
   ([RFC7250]), or IKEv2 ([RFC7670]) Usually these specifications state
   that "establishing trust in raw public keys is outside the scope of
   this standard."  The Public Key Exchange (PKEX) is designed to fill
   that gap and enable the establishment of trust in public keys that
   can subsequently be used to faccilitate authentication in other
   authentication and key exchange protocols.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.2.  Notation

   This memo describes a cryptographic exchange using sets of elements
   called groups.  Groups can be either traditional finite field or can
   be based on elliptic curves.  The public keys exchanged by PKEX are
   elements in a group.  Elements in groups are denoted in upper-case
   and scalar values are denoted with lower-case.  The generator of the
   group is G.

   When both the initator and responder use a similar, but unique, datum
   it is denoted by appending an "i" for initiator or "r" for responder,

Harkins                  Expires March 16, 2017                 [Page 2]
Internet-Draft             Public Key Exchange            September 2016

   e.g. if each side needs an element C then the initiator's is Ci and
   the responder's is Cr.

   During the exchange, one side will generate data and the other side
   will attempt to reconstruct it.  The reconstructed data is "primed".
Show full document text