Re: [TLS] Straw poll on TLS SRP status

To: Tom Wu <tjw at CS.Stanford.EDU>
Subject: Re: [TLS] Straw poll on TLS SRP status
From: Yoav Nir <ynir at checkpoint.com>
Date: Sun, 3 Jun 2007 13:43:08 +0300
Cc: tls at ietf.org
In-reply-to: <Pine.LNX.4.64.0706020003480.16941@xenon.Stanford.EDU>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <Pine.LNX.4.64.0706020003480.16941@xenon.Stanford.EDU>


On Jun 2, 2007, at 10:08 AM, Tom Wu wrote:

Martin Rex:
The document status is pretty much the only "incentive" that the IETF can put out for companies to slow down on their patents race or at least to come up with reasonable licensing terms (i.e. royalty free for Free and OpenSource software).
Keep in mind that in the context of this discussion, Stanford (SRP) and Lucent (EKE) are competitors. Knocking down TLS-SRP from Proposed to Informational/Experimental rewards the player that did not do the "right" thing (free licensing) at the expense of the player that did the "right" thing (Stanford). The last thing you want to do is to create an incentive for players to do an IPR "denial of service" on a competitor's technology, since this encourages "patent race" behavior.

It's not about punishing Stanford or rewarding Lucent. It's the question of whether or not you might get sued for implementing this.

Yoav Nir:
I think SRP should not be a stand-alone extension, but rather that it should be introduced as part of EAP.
At the risk of being a bit blunt, if the EAP approach is so great, why has more support grown around TLS-SRP instead? I would also add that the two parts of your statement are not mutually exclusive. If you want to advance EAP-SRP in TLS, great, but it is not a valid reason to slow down a standard that is already in use and has seen a lot of scrutiny.

I know SRP has the capability to do the whole key exchange, but why do we need it.
Perhaps we want the session to be secure against MITM attacks?

Perhaps, but we don't need to have the key mixed into the encryption keys of TLS. It should be good enough to have the server prove it has access to the SRP key. This was the approach taken in IKEv2, and it should also be good for EAP-in-TLS.

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Straw poll on TLS SRP status
  - From: Tom Wu

References:
- Re: [TLS] Straw poll on TLS SRP status
  - From: Tom Wu

Prev by Date: [TLS] Re: Comments on draft-housley-tls-authz-extns-07
Next by Date: Re: [TLS] Comments on draft-housley-tls-authz-extns-07
Previous by thread: Re: [TLS] Straw poll on TLS SRP status
Next by thread: Re: [TLS] Straw poll on TLS SRP status
Index(es):
- Date
- Thread

Re: [TLS] Straw poll on TLS SRP status

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.