Fixing HTTPAuth and native SRP on the Web

The IETF has a working group charter they are working on in this space, 
but W3C help could probably be used in terms of assuring implementation.

As for myself, while I realize that a browser chrome-based login or 
standardized pop-up à la HTTPAuth will likely never be used by most 
sites, something like that for high-security sites should work (and of 
course, w3.org!).

On the protocol level, I really prefer just good old-fashioned SRP 
(Secure Remote Password) simply because that is what I've used in past 
implementation work, but I understand the field has moved on a bit. Can 
anyone provide a brief summary of what is the state of the art in Auth 
beyond SRP [1]?

  cheers,
      harry

[1] http://srp.stanford.edu/

Received on Tuesday, 17 December 2013 22:26:38 UTC