Re: [TLS] Straw poll on TLS SRP status

[Tom Wu <tjw at CS.Stanford.EDU>]

> I really think you should give the user the choice between IPR-laden methods (such as EAP-SRP) and IPR-free methods such as EAP-MD5.

As you indicate, your bias affects how you frame the issue and what
premises you accept.  In actuality, your point is ironically a good
one in favor of making TLS-SRP Proposed, precisely because it's a good
thing to have a choice between a strong password solution (TLS-SRP)
and a weaker one (EAP-MD5?) in TLS.

And given that SRP's licensing terms have made it the most widespread
of the various strong password techniques, it's the only viable
candidate for Proposed status, if you believe that it is to the
benefit of the greater good to have a strong (against passive and
active dictionary attack), well-tested, and standardized mechanism
for password authentication over TLS.  Then let the market decide.

Tom
--
Tom Wu
http://www-cs-students.stanford.edu/~tjw/

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls