Re: New draft relevant to SRP

To: David Jablon <dpj@world.std.com>, ips@ece.cmu.edu
Subject: Re: New draft relevant to SRP
From: Tom Wu <tom@arcot.com>
Date: Thu, 07 Mar 2002 15:31:07 -0800
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Organization: Arcot Systems
References: <5.1.0.14.0.20020307203102.00a246a0@pop.theworld.com>
Sender: owner-ips@ece.cmu.edu

David Jablon wrote:
> 
> A new draft that is relevant to the SRP authentication protocol
> is available at:
> http://search.ietf.org/internet-drafts/draft-jablon-speke-00.txt
> 
> SRP, as defined in RFC2945, and referenced in draft-ietf-ips-security-11.txt,
> has technical and IP issues, that are addressed in this draft.

The SPEKE techniques are, to my knowledge, patent-encumbered and
non-free, whereas SRP has a free patent license from Stanford and IP
issues that are nearing resolution.  It seems that presenting these
techniques as fixes to "issues" with SRP (instead of as a supplement) is
misleading in this context.

Unless SPEKE, or some variant thereof, is made available under a license
as liberal as the SRP license, it seems that it would be more
appropriate to consider it for a future optional authentication method,
as opposed to a mandatory one.

>     Title       : The SPEKE Password-Based Key Agreement Methods
>     Author(s)   : D. Jablon
>     Filename    : draft-jablon-speke-00.txt
>     Pages       : 25
>     Date        : 13-Feb-02
> 
> This document describes SPEKE, B-SPEKE, and SRP-4, three methods for
> password-based key agreement and authentication. In the same class of
> techniques as SRP-3 [RFC 2945], these methods provide a zero-knowledge
> proof of a password and authenticate session keys over an unprotected
> channel, with minimal dependency on infrastructure and proper user
> behavior. These methods are compatible with IEEE 1363 and ANSI X9
> standards, and are closely aligned with RFC 2945 from an application
> perspective. They are also based on different fundamental techniques than
> earlier patented alternatives, providing an expanded set of choices for
> convenient and secure personal authentication over the Internet.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-jablon-speke-00.txt
> 
> -- David
> 
> ---------------------------------------------------
> David Jablon
> dpj@world.std.com
> tel: 508 898 9024

Tom
-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."

Follow-Ups:
- Re: New draft relevant to SRP
  - From: David Jablon <dpj@world.std.com>

References:
- New draft relevant to SRP
  - From: David Jablon <dpj@world.std.com>

Prev by Date: Re: iSCSI: Question: ISID Rule?
Next by Date: RE: iSCSI: Question: ISID Rule?
Prev by thread: New draft relevant to SRP
Next by thread: Re: New draft relevant to SRP
Index(es):
- Date
- Thread

Home

Last updated: Fri Mar 08 11:18:29 2002
9042 messages in chronological order