Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

[STDS-802-11] TGmd CIDs 1056, and 1057.. REJECT



--- This message came from the IEEE 802.11 Working Group Reflector ---

 

  Hello,

 

  CIDs 1056 and 1057 deal with the SAE Password Identifier that was added to the REVmd

draft in January (11-18/0202r3). CID 1056 raises a privacy concern since the Password

Identifier is passed in the clear and CID 1057 requests a generation technique for identifiers.

Both CIDs state that the "commenter will bring a contribution." Document 11-18/0867r0

is by the commenter(s) and proposes resolution to both CIDs. Unfortunately, the proposed

solution will gut the security of the standard.

 

  SAE was very carefully designed to be resistant to dictionary attack and the proposed

resolution to these CIDs adds in a dictionary attack against SAE. And if that isn't bad enough,

the dictionary attack it introduces is *three orders of magnitude faster* than the dictionary

attack against PSK mode. This is profoundly bad idea that should be rejected.

 

  The case for the privacy concern was not adequately brought, in my opinion, and the use

case for the Password Identifier does not really introduce any new privacy issues.

 

  For these two reasons—lack of a clear problem, solution that destroys security—I propose

that CIDs 1056 and 1057 be rejected. If text is needed to add to the comment spreadsheet to

justify rejection I think it can be cobbled together from the paragraphs above and I would be

happy to do such cobbling if need be.

 

  regards,

 

  Dan.

 

 


To unsubscribe from the STDS-802-11 list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11&A=1