IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: agent draft (was Re: Secure Shell: Milestone Update.)
On Fri, 2005-03-18 at 08:44, Niels M?ller wrote:
> But for login, I think it would be even better with something in the
> srp/speke class of password authentication. Important objectives are:
> Use passphrase also to authenticate the server (so we can bootstrap
> without hostkeys). And don't transmit anything on the wire that allows
> an eavesdropper or MITM to mount a dictionary attack. It's REALLY a
> shame almost everything in that area seem to be patented.
The patent isn't the issue -- it's the license terms offered.
compare: http://www.ietf.org/ietf/IPR/WU-SRP
with: http://www.ietf.org/ietf/IPR/PHOENIX-SRP-RFC2945.txt
Given that many important implementations of ssh are free-as-in-beer,
anything but royalty-free license terms is not worth our time.
The patents in this space have been very frustrating to a number of IETF
WG's.
- Bill
Home |
Main Index |
Thread Index |
Old Index