- From: David P. Kemp <dpkemp@missi.ncsc.mil>
- Date: Fri, 7 Feb 1997 09:19:24 -0500
- To: ietf-tls@w3.org

> From: "David P. Jablon" <dpj@world.std.com>
>
> Earlier threads on this list seem to have focused debate on
> weak methods for password/passphrase/shared-secret authentication.
>
> Methods that are immune to unconstrained dictionary attack
> have been around since 1992, from Bellovin & Merritt's EKE family
> of protocols, to the SPEKE method developed by myself.
> I find it curious that the debate has settled down upon
> demonstrably weaker alternatives, as in the current drafts.
>
> I would suggest that the passauth-00.txt "Addition of
> Shared Key Authentication" document be modified to use
> strong password authentication. Presenting weak password
> authentication as an alternative to strong public-key
> methods seems sloppy.
>
> ------------------------------------
> David P. Jablon
> Integrity Sciences, Inc.
> Westboro, MA
> Tel: +1 508 898 9024
> http://world.std.com/~dpj/
> E-mail: dpj@world.std.com

I believe that the earlier thread contained implications that the Bellovin & Merritt technique might be encumbered by intellectual property restrictions. Is the SPEKE method covered by any patents, B-M, your own, or others?

The One-Time-Password working group made its distaste for encumbered technology "patently" clear (sorry :-) at the December IETF - choosing to reject both a method patented by Bull and an alternative patented by Bellcore. The TLS working group also expressed concern about using patented compression technology from Hi-Fn (Stac), although it may be possible to implement the proposed compression method in a non-infringing way.

If SPEKE is both demonstrably stronger than Dan Simon's proposal *and* unencumbered, then by all means submit a draft for our consideration. If it is not, it will probably fall pretty low on the priority list of work items.

Received on Friday, 7 February 1997 09:20:08 UTC