- From: Harry Halpin <hhalpin@w3.org>
- Date: Fri, 13 Jun 2014 11:12:15 +0200
- To: Hajime Watanabe <h-watanabe@aist.go.jp>, public-web-security@w3.org
Thank you, I will read. You may also want to come to our next workshpop:
http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/Overview.html
cheers,
harry
On 06/13/2014 06:24 AM, Hajime Watanabe wrote:
> Dear Harry,
>
> It might be too late but we have made a brief summary of the current
> status of PAKE. I hope you will find the attached file helpful.
>
> Best regards,
>
> Hajime
>
> (2013/12/18 7:26), Harry Halpin wrote:
>> The IETF has a working group charter they are working on in this space,
>> but W3C help could probably be used in terms of assuring implementation.
>>
>> As for myself, while I realize that a browser chrome-based login or
>> standardized pop-up ala HTTPAuth will likely never be used by most
>> sites, something like that for high-security sites should work (and of
>> course, w3.org!).
>>
>> On the protocol level, I really prefer just good old-fashioned SRP
>> (Secure Remote Password) simply because that is what I've used in past
>> implementation work, but I understand the field has moved on a bit. Can
>> anyone provide a brief summary of what is state of the art in Auth
>> beyond SRP [1]?
>>
>> cheers,
>> harry
>>
>> [1] http://srp.stanford.edu/
>>
>>
>>
>
>
Received on Friday, 13 June 2014 09:12:23 UTC