At 14:47 11/10/2005 -0800, Charlie Kaufman wrote:
[... Radia Perlman and I] were approached by
David Jablon, the inventor of SPEKE but no longer
the patent holder, who suggested that we should
not assume that PDM did not infringe SPEKE and
should not make such claims to others. This was
based on
* James A. Donald:
I figured that the obvious solution to all this was to deploy zero
knowledge technologies, where both parties prove knowledge of the
shared secret without revealing the shared secret.
Keep in mind that one party runs the required software on a computed
infected with
Charlie Kaufman wrote:
[...]
I am not aware of anyone who is publicly shipping - either
in a commercial product or as open source - an implementation
of a strong password protocol without having paid protection
money to either Lucent or Phoenix (or both).
A not totally up-to-date list of
--
From: Charlie Kaufman
From a legal perspective, they would
probably have a better chance with SRP, since Stanford
holds a patent and might be motivated to support the
challenge.
The vast majority of phishing attacks and other forms of man in the
middle attack seek to
(resending after bounce)
-Original Message-
From: Charlie Kaufman
Sent: Wednesday, November 09, 2005 8:59 PM
To: 'James A. Donald'; [EMAIL PROTECTED]; cryptography@metzdowd.com
Subject: RE: How broad is the SPEKE patent.
James A. Donald said:
Does SPEKE claim to patent any uses
(resending after bounce)
-Original Message-
From: Charlie Kaufman
Sent: Wednesday, November 09, 2005 9:54 PM
To: 'Steven M. Bellovin'; James A. Donald
Cc: [EMAIL PROTECTED]; cryptography@metzdowd.com
Subject: RE: How broad is the SPEKE patent.
- Steven M. Bellovin wrote:
Radia
--
Does SPEKE claim to patent any uses of zero knowledge
proof of possession of the password for mutual
authentication, or just some particular method for
establishing communications? Is there any way around
the SPEKE patent for mutual authentication and
establishing secure communications on
In message [EMAIL PROTECTED], James A. Donald writes:
--
Does SPEKE claim to patent any uses of zero knowledge
proof of possession of the password for mutual
authentication, or just some particular method for
establishing communications? Is there any way around
the SPEKE patent for mutual
You may want to look at EAP-PAX. We tried to engineer around the
patent land mines in the field when we designed it. This of course
doesn't mean that someone won't claim it infringes on something.
We also have a proof (not yet published) of security in a random
oracle model.
Best, Bill