|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: New draft relevant to SRPDavid Jablon wrote: > > A new draft that is relevant to the SRP authentication protocol > is available at: > http://search.ietf.org/internet-drafts/draft-jablon-speke-00.txt > > SRP, as defined in RFC2945, and referenced in draft-ietf-ips-security-11.txt, > has technical and IP issues, that are addressed in this draft. The SPEKE techniques are, to my knowledge, patent-encumbered and non-free, whereas SRP has a free patent license from Stanford and IP issues that are nearing resolution. It seems that presenting these techniques as fixes to "issues" with SRP (instead of as a supplement) is misleading in this context. Unless SPEKE, or some variant thereof, is made available under a license as liberal as the SRP license, it seems that it would be more appropriate to consider it for a future optional authentication method, as opposed to a mandatory one. > Title : The SPEKE Password-Based Key Agreement Methods > Author(s) : D. Jablon > Filename : draft-jablon-speke-00.txt > Pages : 25 > Date : 13-Feb-02 > > This document describes SPEKE, B-SPEKE, and SRP-4, three methods for > password-based key agreement and authentication. In the same class of > techniques as SRP-3 [RFC 2945], these methods provide a zero-knowledge > proof of a password and authenticate session keys over an unprotected > channel, with minimal dependency on infrastructure and proper user > behavior. These methods are compatible with IEEE 1363 and ANSI X9 > standards, and are closely aligned with RFC 2945 from an application > perspective. They are also based on different fundamental techniques than > earlier patented alternatives, providing an expanded set of choices for > convenient and secure personal authentication over the Internet. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-jablon-speke-00.txt > > -- David > > --------------------------------------------------- > David Jablon > dpj@world.std.com > tel: 508 898 9024 Tom -- Tom Wu Principal Software Engineer Arcot Systems (408) 969-6124 "The Borg? Sounds Swedish..."
Home Last updated: Fri Mar 08 11:18:29 2002 9042 messages in chronological order |