Network Working Group                                           P. Mutaf
Internet-Draft                                     Institut National des
                                                      Telecommunications
Expires: May 19, 2008                                  November 16, 2007


                     Dictionary-based Key Exchange
                         draft-mutaf-dke-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 19, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   A dictionary-based key exchange protocol is proposed.  Two mobile
   host users that physically meet each other can use this protocol to
   authenticate each other.  PKI nor certificates are not needed.








Mutaf                     Expires May 19, 2008                  [Page 1]

Internet-Draft        Dictionary-based Key Exchange        November 2007


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Protocol description  . . . . . . . . . . . . . . . . . . . . . 3
   3.  Security considerations . . . . . . . . . . . . . . . . . . . . 3
   4.  IANA considerations . . . . . . . . . . . . . . . . . . . . . . 4
   5.  Conclusion  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
   6.  Informative References  . . . . . . . . . . . . . . . . . . . . 4
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 4
   Intellectual Property and Copyright Statements  . . . . . . . . . . 5









































Mutaf                     Expires May 19, 2008                  [Page 2]

Internet-Draft        Dictionary-based Key Exchange        November 2007


1.  Introduction

   A dictionary-based key exchange protocol is proposed.  Two mobile
   host users that physically meet each other can use this protocol to
   authenticate each other.  PKI nor certificates are not needed.


2.  Protocol description

   The proposed protocol is briefly described below:


          Initiator              MitM                 Responder

                     Request RSA public key PK
           ----------------------------------------------->
                                  PK
         | <--------------------------------------------
      T  |
         | <========== Read 40-bit fingerprint ============
   human verification
   of 40-bit fingerprint

           -----------------{secret key}PK --------------->

   where
           PK: a one time RSA public key
           ===: voice channel, i.e. responder user tells the fingerprint
                to the initiator user through oral communication.
           MitM: Man in the Middle

                                 Figure 1

   The octets of the fingerprint will typically be mapped to a
   dictionary of easy to pronounce and type well-known words.  For
   example, with a dictionary containing 256 words, each octet can be
   represented with one word in the dictionary, and only 40/8=5 words
   need to be checked.

   In T time units, MitM has to find a PK' giving the same fingerprint
   as PK, and return it to the initiator before PK. 2^40 is large
   enough to assume that the attacker cannot reasonably succeed.


3.  Security considerations

   TBD.




Mutaf                     Expires May 19, 2008                  [Page 3]

Internet-Draft        Dictionary-based Key Exchange        November 2007


4.  IANA considerations

   None.


5.  Conclusion

   This document described a dictionary-based key exchange protocol.
   The idea of human verification of a public key fingerprint is not
   new.  A 40-bit fingerprint is normally too short and considered
   insecure (See for example [SB].).  In the proposed protocol, however,
   the fingerprint is used to authenticate a one-time public key that is
   used to exchange a secret key and possibly other material.


6.  Informative References

   [SB]  McCune, J. and J. McCune, "Seeing is Believing", Proceedings of
         the IEEE Symposium on Security and Privacy, Oakland, CA. May
         2005.


Author's Address

   Pars Mutaf
   Institut National des Telecommunications

   Email: pars.mutaf@gmail.com























Mutaf                     Expires May 19, 2008                  [Page 4]

Internet-Draft        Dictionary-based Key Exchange        November 2007


Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Mutaf                     Expires May 19, 2008                  [Page 5]