Re: [TLS] Straw poll on TLS SRP status

[Jeffrey Altman <jaltman at secure-endpoints.com>]

Peter Gutmann wrote:
> <Pasi.Eronen at nokia.com> writes:
>
>> The question is: Do you support advancing draft-ietf-tls-srp as Proposed
>> Standard?
>>
>>   [ ] Yes.
>>   [X] I think Informational/Experimental is better.
>>   [ ] I don't care about the status, just get it published.
>>   [ ] Something else, please state:
>>
>> You may reply either on the list, or privately to the chairs.
>
> I'll reply publicly in order to provide a rationale: Arguments against it
> becoming a full standard are that this spec has been around for six years now
> without any significant implementations appearing (apologies to the authors of
> GnuTLS and TLS Lite :-).  
Commercial implementations are blocked while waiting for the RFC so that
the permanent cipher suite numbers can be assigned.
>
> So really the only deciding factor is the IP status.  The Lucent and
> especially the Phoenix IPR statements will be, in my experience, sufficient to
> scare off any commercial users (and by extension non-commercial users who have
> to worry about lawyers).  So although it'd be nice to see SRP deployed, I
> don't think the IP encumbrance will get it past Informational.  If it wasn't
> for that, my vote would be "Just get it published".
There are several commercial implementations of RFC 2944 and RFC 2945. 
The IPR statements and surrounding FUD were not sufficient to prevent
implementations for Telnet clients and servers.

Just publish the thing and let the market decide when to implement it.

Jeffrey Altman
Secure Endpoints Inc.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls