Re: How broad is the SPEKE patent.

2005-11-11 Thread Florian Weimer
* James A. Donald:

> I figured that the obvious solution to all this was to deploy zero 
> knowledge technologies, where both parties prove knowledge of the 
> shared secret without revealing the shared secret.

Keep in mind that one party runs the required software on a computer
infected with spyware and other kinds of Trojan horses.  This puts the
effectiveness of zero-knowledge proofs into question.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


RE: How broad is the SPEKE patent.

2005-11-10 Thread James A. Donald
--
From:   Charlie Kaufman
> From a legal perspective, they would
> probably have a better chance with SRP, since Stanford
> holds a patent and might be motivated to support the
> challenge.

The vast majority of phishing attacks and other forms of man in the 
middle attack seek to steal existing shared secrets - passwords, 
social security numbers, credit card numbers.

I figured that the obvious solution to all this was to deploy zero 
knowledge technologies, where both parties prove knowledge of the 
shared secret without revealing the shared secret.

Now I see that zero knowledge technologies have been deployed - or 
almost so:

SRP-TLS-OpenSSL   http://www.edelweb.fr/EdelKey/  (not quite ready 
for prime time)

And SRP GNU-TLS http://www.gnu.org/software/gnutls/manual/html_node/

Of course, actual use of these technologies means that the browser 
chrome, not the web page, must set up and verify the password.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 FtM0KMPHrqFLxpaSShaR05Rlxb8CnxF4pHnz9Yqy
 4RHOMGs4NJv8heDXAxtfYQ4sYI82tcElZ5wJ4qgvc





Re: How broad is the SPEKE patent.

2005-11-09 Thread William Arbaugh
You may want to look at EAP-PAX. We tried to engineer around the  
patent land mines in the field when we designed it. This of course  
doesn't mean that someone won't claim it infringes on something.


We also have a proof (not yet published) of security in a random  
oracle model.


Best, Bill

p.s. EAP-PAX is work with my student T. Charles Clancy.

On Nov 9, 2005, at 10:54 AM, Steven M. Bellovin wrote:

> In message <[EMAIL PROTECTED]>, "James A. Donald" writes:
>> --
>> Does SPEKE claim to patent any uses of zero knowledge
>> proof of possession of the password for mutual
>> authentication, or just some particular method for
>> establishing communications?   Is there any way around
>> the SPEKE patent for mutual authentication and
>> establishing secure communications on a weak passphrase?
>
> It certainly doesn't claim EKE, by myself and Michael Merritt, since he
> and I invented the field.  Of course, EKE is also patented.
>
> SRP is patented but royalty-free.  Some of have claimed that it
> infringes the EKE patent; since I don't work for the EKE patent owner
> (Lucent), I've never tried to verify that.
>
> Radia Perlman and Charlie Kaufman invented PDM specifically as a
> patent-free method.  However, the claim was made that it infringed the
> SPEKE patent.  Since it wasn't patented, there was no one willing to
> spend the money on legal fees to fight that claim, per a story I heard.
>
> Have a look at
> http://web.archive.org/web/20041018153649/integritysciences.com/history.html
> for some history.
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: How broad is the SPEKE patent.

2005-11-09 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "James A. Donald" writes:
>--
>Does SPEKE claim to patent any uses of zero knowledge
>proof of possession of the password for mutual
>authentication, or just some particular method for
>establishing communications?   Is there any way around
>the SPEKE patent for mutual authentication and
>establishing secure communications on a weak passphrase? 
>

It certainly doesn't claim EKE, by myself and Michael Merritt, since he 
and I invented the field.  Of course, EKE is also patented.  

SRP is patented but royalty-free.  Some of have claimed that it 
infringes the EKE patent; since I don't work for the EKE patent owner 
(Lucent), I've never tried to verify that.

Radia Perlman and Charlie Kaufman invented PDM specifically as a 
patent-free method.  However, the claim was made that it infringed the 
SPEKE patent.  Since it wasn't patented, there was no one willing to 
spend the money on legal fees to fight that claim, per a story I heard.

Have a look at 
http://web.archive.org/web/20041018153649/integritysciences.com/history.html
for some history.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb


