SRP Patch Integration?
Niels Provos
provos at citi.umich.edu
Tue Feb 12 15:34:25 EST 2002
>Simply stated, SRP is a strong password authentication protocol that
>resists passive/active network attack, and when used in conjunction with
>OpenSSH, solves the "unknown host key" problem without requiring host
>key fingerprint verification or PKI deployment (e.g. X.509 certs). Put
>another way, is there any good reason *not* to fold these patches into
>OpenSSH proper?
SRP would be useful to have. However, as it is patented I do not know
if it can be included in OpenSSH. The grant in the patent seems to
place restrictions on the licensee.
It is not clear if EKE or SPEKE patents are required for a SRP
implementation.
As far as I see it, everything that is patented is tainted.
Somebody who has money to pay a lawer needs to investigate
this further.
Niels.
More information about the openssh-unix-dev
mailing list