On Tue, May 25, 2010 at 04:24:38PM -0500, Nicolas Williams wrote:
> A thought about PAKEs and ZKPPs...
I should also mention that the benefits of the SCRAM-with-cb
approach: a) simplicity (doesn't get much simpler!), b) this is
completely unencumbered to the best of my knowledge[*].
The one downside is, as I described, the need to separately authenticate
the server to avoid sending material that is suitable for off-line
dictionary attacks to active attackers. In practice this is easy to
deal with.
[*] SCRAM is based on DIGEST-MD5, which, to the best of my knowledge is
unencumbered and has had a fruitful deployment store.
Channel binding goes back to the early 90s (92, I believe) and, to
the best of my knowledge, is also unencumbered.
Nico
--
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
