Re: Fixing HTTPAuth and native SRP on the Web

Dear Harry,

It might be too late but we have made a brief summary of the current
status of PAKE. I hope you will find the attached file helpful.

Best regards,


(2013/12/18 7:26), Harry Halpin wrote:
> The IETF has a working group charter they are working on in this space,
> but W3C help could probably be used in terms of assuring implementation.
> As for myself, while I realize that a browser chrome-based login or
> standardized pop-up ala HTTPAuth will likely never be used by most
> sites, something like that for high-security sites should work (and of
> course,!).
> On the protocol level, I really prefer just good old-fashioned SRP
> (Secure Remote Password) simply because that is what I've used in past
> implementation work, but I understand the field has moved on a bit. Can
> anyone provide a brief summary of what is state of the art in Auth
> beyond SRP [1]?
>  cheers,
>      harry
> [1]

Received on Friday, 13 June 2014 11:44:35 UTC