Re: TLS Based on SRP

Sun, 11 Mar 2001 19:30:52 -0800 

I think what Tom is saying is that once it has been added to OpenSSL,
he will provide support for it in his Telnet and FTP clients/servers.

It has nothing to do with the Telnet Application layer.  Telnet
already supports TLS via the START_TLS option.  

Using SRP to authenticate a TLS session is already support in Telnet
via the use of Telnet AUTH after a Telnet START_TLS.



> Also Excellent!  Would this be more along the lines of adding it at the
> application layer (telnet)?
> 
>  Rather than tying this to a particular app protocol I would love to see it
> at the TLS layer so that it generates the pre-master secret directly.
> 
>   When I was thinking about this a while ago I considered doing the SRP
> seperate from TLS and then using it to do crypto seperately in a bulk way
> and not relying on TLS.  Is there any strong feeling one way or the
> other?  I personally like the work Mr. Taylor has done as a starting point.
> 
> Later,
> dj
> 
> 
> 
> On Sun, 11 Mar 2001, Tom Wu wrote:
> 
> :Jeffrey Altman wrote:
> :> 
> :> >
> :> > hi,
> :> >
> :> >   I recently found an IETF draft written by David Taylor that proposes the
> :> > addition of a new ciphersuite.
> :> >
> :> > >A URL for this Internet-Draft is:
> :> > >http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
> :> >
> :> >
> :> > Has this thought come across the OpenSSL To Do list?  Is there any comment
> :> > on this draft?
> :> >
> :> 
> :> Its on my to do list.
> :
> :I will be doing integration work with START_TLS+SRP telnet/telnetd and
> :doing interoperability testing.
> :
> :>  Jeffrey Altman * Sr.Software Designer      C-Kermit 7.1 Alpha available
> :>  The Kermit Project @ Columbia University   includes Secure Telnet and FTP
> :>  http://www.kermit-project.org/             using Kerberos, SRP, and
> :>  [EMAIL PROTECTED]          OpenSSL.  SSH soon to follow.



 Jeffrey Altman * Sr.Software Designer      C-Kermit 7.1 Alpha available
 The Kermit Project @ Columbia University   includes Secure Telnet and FTP
 http://www.kermit-project.org/             using Kerberos, SRP, and 
 [EMAIL PROTECTED]          OpenSSL.  SSH soon to follow.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to