Solving password problems one at a time, Re: The password-reset paradox
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed May 6 09:23:52 EDT 2009
Ben Laurie <ben at links.org> writes:
>Incidentally, the reason we don't use EKE (and many other useful schemes) is
>not because they don't solve our problems, its because the rights holders
>won't let us use them.
That's not the reason, TLS-SRP isn't that annoyingly encumbered, and even the
totally unencumbered TLS-PSK doesn't get used by anyone. I was told a reason
for the lack of use of strong password protocols from one browser vendor that
was so stunningly stupid that I had trouble beliving that it was for real, ask
me in private mail if you want the details. In any case though it's not
patent issues that are leading to non-use.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list