Joel N. Weber II wrote:
In theory, you can use that SASL mechanism with an integrity protection layer. In practice, since it appears that the SASL SRP mechanism basically does the things you want a Secure Shell key exchange to accomplish, it may be better to define a new Secure Shell key exchange algorithm to support SRP.
There are implementations of SRP as an SSH key exchange mechanism 'in the wild', and at least one expired I-D documenting them. They can presumably be revived as needed.
However, this is probably a mostly academic discussion at the moment, due to IPR issues related to SRP. Fortunately, patents do expire eventually.
But SRP has a royalty-free license: http://www.ietf.org/ietf/IPR/WU-SRP. Although there is some concern over third-party IPR, that should not prevent (and has not prevented) movement on standards documents in this space. Ultimately it is up to the marketplace to decide.
Tom
--
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124