Re: [TLS] Straw poll on TLS SRP status



Yoav Nir <ynir at checkpoint.com> writes:

>I think SRP should not be a stand-alone extension, but rather that it should
>be introduced as part of EAP.
>
>The choice is between separate extensions for SRP and for each authentication
>method, or to introduce them all at once under EAP, as was done in IKEv2.

Is it possible to do this though?  Using the taxonomy I posted earlier, TLS-SRP
would seem to fall into the "modify the crypto portion of the TLS
handshake" bucket (alongside TLS-KRB5 and TLS-PSK), which means that you
couldn't really do it inside EAP.  Admittedly you could do a standard TLS
handshake and then follow it up with SRP inside EAP purely for the
authentication portion, but that seems (a) messy (see draft-iab-auth-mech-*)
and (b) a bit of a waste of SRP's capabilities, since it can do the whole key
exchange step as well.

Peter.


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.