You're good!  :-)

On the vendor side - perhaps EKE patent concern was the cause (you 
implement/sell free SRP and get slapped with EKE licensing)? And the users 
found alternative solutions in the meanwhile?

Do you think weak passwords are too dangerous overall (many other ways of 
attacking them outside of direct protocol attempts that we try to defend 
against), and so we shouldn't entertain them at all?

Tnx!
Regards,
Uri

----- Original Message -----
From: pgut001 <pgut...@wintermute02.cs.auckland.ac.nz>
To: s...@cs.columbia.edu <s...@cs.columbia.edu>; Blumenthal, Uri - 0662 - MITLL
Cc: c...@irtf.org <c...@irtf.org>; hannes.tschofe...@gmx.net 
<hannes.tschofe...@gmx.net>; ipsec@ietf.org <ipsec@ietf.org>; 
paul.hoff...@vpnc.org <paul.hoff...@vpnc.org>
Sent: Tue Mar 02 19:41:43 2010
Subject: Re: [Cfrg] [IPsec] Beginning discussion on secure password-only 
authentication for IKEv2

"Steven M. Bellovin" <s...@cs.columbia.edu> writes:

>Note that the EKE patent expires in October 2011.  (At least I think it does;
>it was filed in October 1991.)  Depending on when you expect implementations
>to appear -- and given how long it takes to produce standards-track documents
>in the IETF -- it might not be a problem.

Given that SRP implementations have been available and more or less freely 
usable for quite some time and TLS-PSK is completely unencumbered anyway, I 
think the real issue won't be "when will implementations appear" but "why 
isn't anyone using them when they are available"?

(Mind you that's a layer 8 issue, and therefore not our problem :-).

Peter.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
