Re: [TLS] Straw poll on TLS SRP status

To: Yoav Nir <ynir at checkpoint.com>
Subject: Re: [TLS] Straw poll on TLS SRP status
From: Tom Wu <tjw at CS.Stanford.EDU>
Date: Mon, 4 Jun 2007 15:58:51 -0700 (PDT)
Cc: tls at ietf.org
In-reply-to: <B46303E3-889F-475C-BA31-6571713EFA04@checkpoint.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <Pine.LNX.4.64.0706020003480.16941@xenon.Stanford.EDU> <B46303E3-889F-475C-BA31-6571713EFA04@checkpoint.com>

On Sun, 3 Jun 2007, Yoav Nir wrote:


On Jun 2, 2007, at 10:08 AM, Tom Wu wrote:

Martin Rex:

The document status is pretty much the only "incentive" that the
IETF can put out for companies to slow down on their patents race
or at least to come up with reasonable licensing terms (i.e. royalty free
for Free and OpenSource software).


Keep in mind that in the context of this discussion, Stanford (SRP) and
Lucent (EKE) are competitors.  Knocking down TLS-SRP from Proposed to
Informational/Experimental rewards the player that did not do the "right"
thing (free licensing) at the expense of the player that did the "right"
thing (Stanford).  The last thing you want to do is to create an incentive
for players to do an IPR "denial of service" on a competitor's technology,
since this encourages "patent race" behavior.

It's not about punishing Stanford or rewarding Lucent. It's the question of whether or not you might get sued for implementing this.


It _is_ precisely about punishment/reward - if you read the context of
my comments, you'll see that I was addressing Martin Rex's point about
the use of document status as incentive, and supplying information about
how the incentives would work in this particular case.

Perhaps, but we don't need to have the key mixed into the encryption keys of TLS. It should be good enough to have the server prove it has access to the SRP key. This was the approach taken in IKEv2, and it should also be good for EAP-in-TLS.


Handwaving with the word "should" is easy, but there still isn't a
specific protocol that can be analyzed for security, or performance
for that matter - if there is one D-H exchange for the session
security keys and a separate key exchange for SRP, then you're
already at close to a factor-of-two performance disadvantage
compared to SRP-TLS.  It's not that I dislike EAP-in-TLS, but it's
not entirely fair to compare a real standard versus some theoretical
construct, especially if you always give the latter the benefit of
the doubt before it gets exposed to real design and engineering
tradeoffs.  This EAP discussion is a non-starter until someone
actually puts forth a specific SRP-EAP-TLS proposal.

Tom
--
Tom Wu
http://www-cs-students.stanford.edu/~tjw/

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Straw poll on TLS SRP status
  - From: Yoav Nir

References:
- Re: [TLS] Straw poll on TLS SRP status
  - From: Tom Wu
- Re: [TLS] Straw poll on TLS SRP status
  - From: Yoav Nir

Prev by Date: [TLS] I-D ACTION:draft-ietf-tls-ecc-new-mac-01.txt
Next by Date: RE: [TLS] Comments on draft-housley-tls-authz-extns-07
Previous by thread: Re: [TLS] Straw poll on TLS SRP status
Next by thread: Re: [TLS] Straw poll on TLS SRP status
Index(es):
- Date
- Thread

Re: [TLS] Straw poll on TLS SRP status

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.