* James A. Donald:
I figured that the obvious solution to all this was to deploy zero
knowledge technologies, where both parties prove knowledge of the
shared secret without revealing the shared secret.
Keep in mind that one party runs the required software on a computer
infected with
--
From: Charlie Kaufman
From a legal perspective, they would
probably have a better chance with SRP, since Stanford
holds a patent and might be motivated to support the
challenge.
The vast majority of phishing attacks and other forms of man in the
middle attack seek to
In message [EMAIL PROTECTED], James A. Donald writes:
--
Does SPEKE claim to patent any uses of zero knowledge
proof of possession of the password for mutual
authentication, or just some particular method for
establishing communications? Is there any way around
the SPEKE patent for mutual
You may want to look at EAP-PAX. We tried to engineer around the
patent land mines in the field when we designed it. This of course
doesn't mean that someone won't claim it infringes on something.
We also have a proof (not yet published) of security in a random
oracle model.
Best, Bill