>> - Change the negotiation so that user name is not exchanged in the clear >> - Change key exchange to do PFS
>TLS-pwd already supports both of these. It also supports ECC too, >which is problematic with the current SRP protocol. I agree: Instead of modifying SRP I would prefer introducing a new PAKE scheme. On CFRG I recently submitted a draft on requirements for such schemes (https://www.ietf.org/mail-archive/web/cfrg/current/msg07005.html). Or to be even more flexible - how about defining a generic way to include PAKE in TLS to prevent a whole bunch of ExtensionTypes and CipherSuites by merging them into one "PAKE_Auth"? Best, Jörn
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
