SRP secure remote password authentication

Edward Flick eddy at cdf-imaging.com
Thu Sep 18 06:59:21 EST 2003


Hello Tom,
Since I am just now realizing you monitor this list.  Exactly, what is
implied by the SRP-Z license?  As you can implicitly determine (by
successful negotation) if the server on the other end is the server you
intended to communicate with, exactly what is the differentiating factor
between SRP and SRP-Z.

Edward Flick

-----Original Message-----
From: openssh-unix-dev-bounces+eddy=cdf-imaging.com at mindrot.org
[mailto:openssh-unix-dev-bounces+eddy=cdf-imaging.com at mindrot.org]On
Behalf Of Tom Wu
Sent: Wednesday, September 17, 2003 2:20 PM
To: Markus Friedl
Cc: openssh-unix-dev at mindrot.org; Jeremy Nysen
Subject: Re: SRP secure remote password authentication


SRP is, if anything, the protocol with the *least* problematic patent
license:

   http://www.ietf.org/ietf/IPR/WU-SRP

since royalty-free terms are offered.  If that isn't good enough for
OpenSSH, then neither is DSA.

Tom

Markus Friedl wrote:
> SRP and similar protocols have patent problems.
>
> are there any without?
>
> On Wed, Sep 17, 2003 at 11:00:18AM +1000, Jeremy Nysen wrote:
>
>>Are there any plans to include support for SRP or a similar zero-knowledge
>>password protocol into OpenSSH?
>>
>>--
>>Jeremy
>>
>>_______________________________________________
>>openssh-unix-dev mailing list
>>openssh-unix-dev at mindrot.org
>>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

--
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev




More information about the openssh-unix-dev mailing list