On Thu, February 25, 2016 11:41 pm, Watson Ladd wrote:
> On Thu, Feb 25, 2016 at 11:33 PM, Dan Harkins <dhark...@lounge.org> wrote:
>>
>> Hi,
>>
>> On Wed, February 24, 2016 1:59 pm, Rick van Rein wrote:
>>> Hi,
>>>
>>>> Although the lack of modern cipher-suites for SRP makes it not very
>>>> attractive these days.
>>>>
>>> Does anyone know if work on something like "ECSRP" is going on,
>>> anywhere?
>>>
>>> We've recently worked on getting it working with PKCS #11,
>>>
>>> https://github.com/arpa2/srp-pkcs11
>>> https://github.com/arpa2/srp-pkcs11/blob/rfc5054_compat/doc/design/srp-pkcs11.pdf
>>>
>>> It could be interesting to see if this translates to the Elliptic Curve
>>> arena.
>>>
>>> I heard rumours of alternatives being weighed against one another, but
>>> failed to find anything concrete. Links are quite welcome!
>>
>> Well there's TLS-PWD. Works just fine with ECC. Also provides
>> for protection of the client username from passive attack.
>>
>> https://tools.ietf.org/html/draft-ietf-tls-pwd-07
>
> As well as my SPAKE2 draft, which can fit in TLS easily. The real
> problem here is that there is no reason not to use certificates in a
> lot of cases.

Well if you're using a browser I'd agree with you. But when TLS is
used to protect non-browser traffic there are plenty of cases where
you won't have an implicit trust anchor database or you're going to
some server administered by someone who most likely only has a
self-signed cert (Let's Encrypt makes it easy to get a cert for a
web server but, again, that's kind of browser-centric).

I address the case for certificate-less authentication in section 1.1
of the TLS-PWD I-D.

regards,

Dan.

>>
>> Thanks for reminding me to update that draft :-)
>>
>> Dan.
>>
>>> -Rick
>
> --
> "Man is born free, but everywhere he is in chains".
> --Rousseau.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls