OpenSSH SRP 3.8.1p1 patch

Tom Wu tom at arcot.com
Thu Aug 5 06:44:12 EST 2004


Edward Flick wrote:
> Its not proof thats scaring people off, its accusations.  I also really 
> wish you would address them more directly in a public forum.  And get 
> this issue finalized.

I believe I have done exactly that at every opportunity.  I've made my 
position on this issue abundantly clear.  Perhaps you can give an 
example of what you would like to see.

> Yes, but the problem with ignoring it means extremely slow uptake of SRP 
> technology.  In this lawyer ruled age of computing, people cower behind 

But the uptake appears to be occuring anyway, both in OSS and commercial 
applications.  Some parties are cowering, as you say, but some have 
taken a closer look at the issue and are not cowering.

> their worries of being sued because of inheriting an IP issue.  The 
> fundamental flaw here isn't that the claimant is asserting a falsehood, 

Technically, there is not even an assertion, but really a rumor, that is 
being believed by some.

> it is the fact that people are listening to it.  You may not be abliged 
> to put this issue to rest, but in the best interest of your project, and 
> to the good that it could do in general, you might want to go ahead and 
> do just that.

Again, perhaps more concrete examples would help.  You can take this 
off-list if you think that would make more sense.

> 
> Edward
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

Tom
-- 
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124




More information about the openssh-unix-dev mailing list