W3C home > Mailing lists > Public > ietf-tls@w3.org > January to March 1997

Re: Shared Secret Authentication

From: David P. Kemp <dpkemp@missi.ncsc.mil>
Date: Fri, 7 Feb 1997 09:19:24 -0500
Message-Id: <199702071419.JAA08315@argon.ncsc.mil>
To: ietf-tls@w3.org
> From: "David P. Jablon" <dpj@world.std.com>
> Earlier threads on this list seem to have focused debate on
> weak methods for password/passphrase/shared-secret authentication.
> Methods that are immune to unconstrained dictionary attack
> have been around since 1992, from Bellovin & Merritt's EKE family
> of protocols, to the SPEKE method developed by myself.
> I find it curious that the debate has settled down upon
> demonstrably weaker alternatives, as in the current drafts.
> I would suggest that the passauth-00.txt "Addition of
> Shared Key Authentication" document be modified to use
> strong password authentication.  Presenting weak password
> authentication as an alternative to strong public-key
> methods seems sloppy.
> ------------------------------------
> David P. Jablon
> Integrity Sciences, Inc.
> Westboro, MA
> Tel: +1 508 898 9024
> http://world.std.com/~dpj/
> E-mail: dpj@world.std.com

I believe that the earlier thread contained implications that the
Bellovin & Merritt technique might be encumbered by intellectual
property restrictions.

Is the SPEKE method covered by any patents, B-M, your own, or others?

The One-Time-Password working group made it's distaste for encumbered
technology "patently" clear (sorry :-) at the December IETF - choosing
to reject both a method patented by Bull and an alternative patented by

The TLS working group also expressed concern about using patented
compression technology from Hi-Fn (Stac), although it may be possible
to implement the proposed compression method in a non-infringing way.

If SPEKE is both demonstrably stronger than Dan Simon's proposal
*and* unencumbered, then by all means submit a draft for our consideration.
If it is not, it will probably fall pretty low on the priority list of
work items.
Received on Friday, 7 February 1997 09:20:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC