Re: [TLS] Straw poll on TLS SRP status

[pgut001 at cs.auckland.ac.nz (Peter Gutmann)]

<Pasi.Eronen at nokia.com> writes:

>The question is: Do you support advancing draft-ietf-tls-srp as Proposed
>Standard?
>
>   [ ] Yes.
>   [X] I think Informational/Experimental is better.
>   [ ] I don't care about the status, just get it published.
>   [ ] Something else, please state:
>
>You may reply either on the list, or privately to the chairs.

I'll reply publicly in order to provide a rationale: Arguments against it
becoming a full standard are that this spec has been around for six years now
without any significant implementations appearing (apologies to the authors of
GnuTLS and TLS Lite :-).  Arguments for it being a full standard are that
given that we've got things like Camellia cipher suites (which have even less
mainstream support than SRP) moving forward as full standards, you can't
really count SRP out on that basis.  More to the point, the trend with WG
items seems to be to make everything a full standards rather than
experimental/informational.

So really the only deciding factor is the IP status.  The Lucent and
especially the Phoenix IPR statements will be, in my experience, sufficient to
scare off any commercial users (and by extension non-commercial users who have
to worry about lawyers).  So although it'd be nice to see SRP deployed, I
don't think the IP encumbrance will get it past Informational.  If it wasn't
for that, my vote would be "Just get it published".

Can we revisit this in 2012 (or 13, or whenever the patents expire)?

Peter.


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls