RE: SRP vs PKI for authentication

[Black_David@emc.com]

Such is life.  The alternative of allowing implementers to choose
to implement one of SRP or PKI as the "MUST" mechanism results in
an implementation that chooses SRP and doesn't implement PKI failing
to interoperate with an implementation that chooses PKI and doesn't
implement SRP.  This is not acceptable, hence there has to be at least
one "MUST" mechanism that everyone has to implement.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

> -----Original Message-----
> From: VAHUJA@aol.com [mailto:VAHUJA@aol.com]
> Sent: Friday, November 16, 2001 9:45 PM
> To: Black_David@emc.com
> Cc: ips@ece.cmu.edu
> Subject: Re: SRP vs PKI for authentication
> 
> 
> David,
> I understand your and Ofer's views. But lets view from 
> another point. For the 
> same storage network, we may potentially have PKI as the choice for 
> authentication for one part, and SRP for another. There are 
> ways to simplify 
> built-in PKI for storage networks as being applied for FC 
> security (I expect 
> you dont need an RA or a CA, and the trust hierarchy is left to the 
> customer). So for those networks that want to ONLY 
> authenticate entities in 
> storage networks, we may potentially have two schemes that "MUST"  be 
> implemented. 
>