Solving password problems one at a time, Re: The password-reset paradox

[Peter Gutmann]

Ben Laurie <ben at links.org> writes:

>Incidentally, the reason we don't use EKE (and many other useful schemes) is
>not because they don't solve our problems, its because the rights holders
>won't let us use them.

That's not the reason, TLS-SRP isn't that annoyingly encumbered, and even the 
totally unencumbered TLS-PSK doesn't get used by anyone.  I was told a reason 
for the lack of use of strong password protocols from one browser vendor that 
was so stunningly stupid that I had trouble beliving that it was for real, ask 
me in private mail if you want the details.  In any case though it's not 
patent issues that are leading to non-use.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com