[144422] in cryptography@c2.net mail archive
Re: Solving password problems one at a time, Re: The password-reset paradox
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed May 6 09:54:14 2009
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: ben@links.org, smb@cs.columbia.edu
Cc: cryptography@metzdowd.com, edgerck@nma.com
In-Reply-To: <49B10727.1060805@links.org>
Date: Thu, 07 May 2009 01:23:52 +1200
Ben Laurie <ben@links.org> writes:
>Incidentally, the reason we don't use EKE (and many other useful schemes) is
>not because they don't solve our problems, its because the rights holders
>won't let us use them.
That's not the reason, TLS-SRP isn't that annoyingly encumbered, and even the
totally unencumbered TLS-PSK doesn't get used by anyone. I was told a reason
for the lack of use of strong password protocols from one browser vendor that
was so stunningly stupid that I had trouble beliving that it was for real, ask
me in private mail if you want the details. In any case though it's not
patent issues that are leading to non-use.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
