-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some corrections to the text #438
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with some nits
draft-irtf-cfrg-opaque.md
Outdated
clients to safely store and retrieve arbitrary application data on servers | ||
using only their password. | ||
using only their passwords. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
using only their passwords. | |
using only their password. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not native in English so it's very probable that my suggestion comes from another language.
But does putting the singular to password not mean something like "the one password that all the clients have" instead of "the password of each client"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is best left singular, agree with Chris's suggestion here
Co-authored-by: Christopher Wood <caw@heapingbits.net>
Co-authored-by: Christopher Wood <caw@heapingbits.net>
draft-irtf-cfrg-opaque.md
Outdated
@@ -1923,7 +1923,7 @@ protocols such as TLS. | |||
The specification as written here differs from the original cryptographic design in {{JKX18}} | |||
and the corresponding CFRG document {{I-D.krawczyk-cfrg-opaque-03}}, both of which were used | |||
as input to the CFRG PAKE competition. This section describes these differences, including | |||
their motivation and explanation as to why they preserve the provable security of OPAQUE based | |||
their motivation and explanation as to why they preserve the provable security of OPAQUE-based |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this change should be reverted
@@ -2233,7 +2233,7 @@ message for an unregistered client if these client enumeration attacks can | |||
be mitigated through other application-specific means or are otherwise not | |||
applicable for their threat model. | |||
|
|||
OPAQUE does not prevent against this type of attack during the registration flow. | |||
OPAQUE does not prevent this type of attack during the registration flow. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a better change would be "protect against"
draft-irtf-cfrg-opaque.md
Outdated
clients to safely store and retrieve arbitrary application data on servers | ||
using only their password. | ||
using only their passwords. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is best left singular, agree with Chris's suggestion here
draft-irtf-cfrg-opaque.md
Outdated
@@ -329,7 +329,7 @@ as a "compiler" for transforming any suitable AKE protocol into a secure | |||
aPAKE protocol. (See {{security-considerations}} for requirements of the | |||
OPRF and AKE protocols.) This document specifies one OPAQUE instantiation | |||
based on {{TripleDH}}. Other instantiations are possible, as discussed in | |||
{{alternate-akes}}, but their details are out of scope for this document. | |||
{{alternate-akes}}, but their details are out of the scope of this document. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would revert this change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went ahead and addressed the comments I left with a commit, so I am approving now!
As I was rereading the draft, I saw a couple of mistakes and missing spaces. So I ran the text through a corrector that found some other suggestions.