As a followup, I spoke to an IETF friend who's used and implemented both SRP and SCRAM. He agrees that SRP is cryptographically solid, and that it's significantly more difficult to implement (and therefore has a bit of a monoculture risk overall, though of course that wouldn't apply to us if we were to write the code from scratch).
Apparently the patent status is still not entirely clear. Two of the patents expired, but there are others that may be relevant. Stanford claims a patent, but apparently grants a free license if you do meet certain conditions. But he doesn't know of anyone having to go to court over the use of SRP.

-- Abhijit

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)