[26995] in cryptography@c2.net mail archive
Re: Status of SRP
daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Thu Jun 1 10:10:59 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Joseph Ashwood" <ashwood@msn.com>
To: <cryptography@metzdowd.com>
Date: Tue, 30 May 2006 21:21:37 -0700
----- Original Message -----
From: "James A. Donald" <jamesd@echeque.com>
Subject: Status of SRP
> The obvious solution to the phishing crisis is the widespread deployment
> of SRP, but this does not seem to happening. SASL-SRP was recently
> dropped. What is the problem?
The problem is that you're attempting to treat the wrong aspect. Yes SRP
verifies the server, but requiring even more work on the part of the client
will not solve the problem. Attempting to use SRP to solve this problem is
basically saying "You must be this smart to be worth protecting."
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
