SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: New draft relevant to SRP



    David Jablon wrote:
    > 
    > A new draft that is relevant to the SRP authentication protocol
    > is available at:
    > http://search.ietf.org/internet-drafts/draft-jablon-speke-00.txt
    > 
    > SRP, as defined in RFC2945, and referenced in draft-ietf-ips-security-11.txt,
    > has technical and IP issues, that are addressed in this draft.
    
    The SPEKE techniques are, to my knowledge, patent-encumbered and
    non-free, whereas SRP has a free patent license from Stanford and IP
    issues that are nearing resolution.  It seems that presenting these
    techniques as fixes to "issues" with SRP (instead of as a supplement) is
    misleading in this context.
    
    Unless SPEKE, or some variant thereof, is made available under a license
    as liberal as the SRP license, it seems that it would be more
    appropriate to consider it for a future optional authentication method,
    as opposed to a mandatory one.
    
    >     Title       : The SPEKE Password-Based Key Agreement Methods
    >     Author(s)   : D. Jablon
    >     Filename    : draft-jablon-speke-00.txt
    >     Pages       : 25
    >     Date        : 13-Feb-02
    > 
    > This document describes SPEKE, B-SPEKE, and SRP-4, three methods for
    > password-based key agreement and authentication. In the same class of
    > techniques as SRP-3 [RFC 2945], these methods provide a zero-knowledge
    > proof of a password and authenticate session keys over an unprotected
    > channel, with minimal dependency on infrastructure and proper user
    > behavior. These methods are compatible with IEEE 1363 and ANSI X9
    > standards, and are closely aligned with RFC 2945 from an application
    > perspective. They are also based on different fundamental techniques than
    > earlier patented alternatives, providing an expanded set of choices for
    > convenient and secure personal authentication over the Internet.
    > 
    > A URL for this Internet-Draft is:
    > http://www.ietf.org/internet-drafts/draft-jablon-speke-00.txt
    > 
    > -- David
    > 
    > ---------------------------------------------------
    > David Jablon
    > dpj@world.std.com
    > tel: 508 898 9024
    
    Tom
    -- 
    Tom Wu
    Principal Software Engineer
    Arcot Systems
    (408) 969-6124
    "The Borg?  Sounds Swedish..."
    


Home

Last updated: Fri Mar 08 11:18:29 2002
9042 messages in chronological order