- From: Hajime Watanabe <h-watanabe@aist.go.jp>
- Date: Fri, 13 Jun 2014 13:24:09 +0900
- To: public-web-security@w3.org, hhalpin@w3.org
Received on Friday, 13 June 2014 11:44:35 UTC
Dear Harry, It might be too late but we have made a brief summary of the current status of PAKE. I hope you will find the attached file helpful. Best regards, Hajime (2013/12/18 7:26), Harry Halpin wrote: > The IETF has a working group charter they are working on in this space, > but W3C help could probably be used in terms of assuring implementation. > > As for myself, while I realize that a browser chrome-based login or > standardized pop-up ala HTTPAuth will likely never be used by most > sites, something like that for high-security sites should work (and of > course, w3.org!). > > On the protocol level, I really prefer just good old-fashioned SRP > (Secure Remote Password) simply because that is what I've used in past > implementation work, but I understand the field has moved on a bit. Can > anyone provide a brief summary of what is state of the art in Auth > beyond SRP [1]? > > cheers, > harry > > [1] http://srp.stanford.edu/ > > >
Received on Friday, 13 June 2014 11:44:35 UTC