Status of SRP
Joseph Ashwood
ashwood at msn.com
Wed May 31 00:21:37 EDT 2006
----- Original Message -----
From: "James A. Donald" <jamesd at echeque.com>
Subject: Status of SRP
> The obvious solution to the phishing crisis is the widespread deployment
> of SRP, but this does not seem to happening. SASL-SRP was recently
> dropped. What is the problem?
The problem is that you're attempting to treat the wrong aspect. Yes SRP
verifies the server, but requiring even more work on the part of the client
will not solve the problem. Attempting to use SRP to solve this problem is
basically saying "You must be this smart to be worth protecting."
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list