Re: [TLS] Straw poll on TLS SRP status

[pgut001 at cs.auckland.ac.nz (Peter Gutmann)]

Yoav Nir <ynir at checkpoint.com> writes:

>It works well enough that the browsers have it now (at least IE), and also
>IKE implementations from several vendors including Microsoft.

It's irrelevant what the software has built in, if no-one's using it then it
may as well not be there (that's just a paraphrasing of the prime directive of
security UI, "If the user doesn't understand your feature, it doesn't exist").
Certicom issued their "royalty-free license" for ECC in TLS last year some
time, and I still haven't seen any use of it by anyone outside the USG and its
dependents as part of the Suite B mandate.  Although I can't speak for vendors
like Microsoft, I would imagine their only reason for putting it in IE was for
that particular market (I've talked to non-MS developers and they've told me
that's the sole reason why they added it to their product).

(Again, I don't know about the IKE situation).

Anyway, this is all going off on a bit of a tangent...

Peter.


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls