Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-18 Thread Abhijit Menon-Sen
At 2015-03-14 09:44:02 +0200, hlinn...@iki.fi wrote: Perhaps it would be time to restart the discussion on standardizing SRP as a SASL mechanism in IETF. I haven't seen much evidence that there's any interest in doing this; in fact, I can't remember the author of the draft you pointed to being

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-18 Thread Abhijit Menon-Sen
As a followup, I spoke to an IETF friend who's used and implemented both SRP and SCRAM. He agrees that SRP is cryptographically solid, that it's significantly more difficult to implement (and therefore has a bit of a monoculture risk overall, though of course that wouldn't apply to us if we were

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-18 Thread Alvaro Herrera
Abhijit Menon-Sen wrote: P.S. I don't know why the SRP code was removed from LibreSSL; nor am I sure how seriously to take that. It's possible that it's only because it's (still) rather obscure. As I recall, the working principle of the LibreSSL guys is to remove everything that can't be

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-18 Thread Stephen Frost
* Abhijit Menon-Sen (a...@2ndquadrant.com) wrote: As a followup, I spoke to an IETF friend who's used and implemented both SRP and SCRAM. He agrees that SRP is cryptographically solid, that it's significantly more difficult to implement (and therefore has a bit of a monoculture risk overall,

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-14 Thread Heikki Linnakangas
On 03/09/2015 04:43 PM, Abhijit Menon-Sen wrote: At 2015-03-09 13:52:10 +0200, hlinn...@iki.fi wrote: Do you have any insight on why the IETF working group didn't choose a PAKE protocol instead of or in addition to SCRAM, when SCRAM was standardized? Hi Heikki. It was a long time ago, but I

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-09 Thread Heikki Linnakangas
Hi Abhijit, I didn't realize you were involved in the IETF process on SCRAM :-). On 03/09/2015 09:21 AM, Abhijit Menon-Sen wrote: At 2015-03-08 12:48:44 -0700, j...@agliodbs.com wrote: Since SCRAM has been brought up a number of times here, I thought I'd loop in the PostgreSQL contributor

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-09 Thread Abhijit Menon-Sen
At 2015-03-09 13:52:10 +0200, hlinn...@iki.fi wrote: Do you have any insight on why the IETF working group didn't choose a PAKE protocol instead of or in addition to SCRAM, when SCRAM was standardized? Hi Heikki. It was a long time ago, but I recall that SRP was patent-encumbered:

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-09 Thread Abhijit Menon-Sen
At 2015-03-08 12:48:44 -0700, j...@agliodbs.com wrote: Since SCRAM has been brought up a number of times here, I thought I'd loop in the PostgreSQL contributor who is co-author of the SCRAM standard to see if he has anything to say about implementing SCRAM as a built-in auth method for

Re: [HACKERS] MD5 authentication needs help -SCRAM

2015-03-08 Thread Josh Berkus
All, Since SCRAM has been brought up a number of times here, I thought I'd loop in the PostgreSQL contributor who is co-author of the SCRAM standard to see if he has anything to say about implementing SCRAM as a built-in auth method for Postgres. Abhijit? -- Josh Berkus PostgreSQL Experts Inc.
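The mechanism the thread is weighing against MD5 auth, shown end to end as an added worked example; this is not code from the thread or from PostgreSQL. It walks a SCRAM-SHA-256 exchange (RFC 5802 / RFC 7677) with both sides' messages: the server holds only the verifier (salt, iteration count, StoredKey, ServerKey), the client proves knowledge of the password without sending it, and the client then checks the server's signature, so both parties authenticate each other. The `Server`, `Client` and `run_exchange` names are this example's own; it omits channel binding, SASLprep and SCRAM's `=2C`/`=3D` username escaping, and the fixed salt and nonces in the `__main__` block are constructed for reproducibility, where a real implementation draws fresh random nonces per exchange.

```python
"""Minimal SCRAM-SHA-256 exchange (RFC 5802 / RFC 7677), client and server sides."""
import base64
import hashlib
import hmac

HASH = "sha256"
GS2_HEADER = b"n,,"                              # "no channel binding" GS2 header
CB = base64.b64encode(GS2_HEADER).decode()       # "biws", echoed in client-final as c=


def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def parse(msg: str) -> dict:
    """Split 'k=v,k=v' into a dict; base64 values contain '=', so split only once."""
    return dict(item.split("=", 1) for item in msg.split(","))


def scram_keys(password: str, salt: bytes, iterations: int):
    """Return (StoredKey, ServerKey) per RFC 5802 section 3 from SaltedPassword."""
    salted = hashlib.pbkdf2_hmac(HASH, password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", HASH).digest()
    server_key = hmac.new(salted, b"Server Key", HASH).digest()
    return hashlib.sha256(client_key).digest(), server_key


class Server:
    """Stores the verifier only: salt, i, StoredKey, ServerKey. Never the password."""

    def __init__(self, user: str, password: str, salt: bytes, iterations: int = 4096):
        self.user, self.salt, self.iterations = user, salt, iterations
        self.stored_key, self.server_key = scram_keys(password, salt, iterations)

    def server_first(self, client_first: str, snonce: str) -> str:
        self.client_first_bare = client_first[len(GS2_HEADER):]
        fields = parse(self.client_first_bare)
        if fields["n"] != self.user:
            raise ValueError("unknown user")
        self.nonce = fields["r"] + snonce                # combined nonce binds both sides
        self.server_first_msg = f"r={self.nonce},s={b64(self.salt)},i={self.iterations}"
        return self.server_first_msg

    def server_final(self, client_final: str) -> str:
        fields = parse(client_final)
        if fields["r"] != self.nonce:
            raise ValueError("nonce mismatch")
        without_proof = client_final.rsplit(",p=", 1)[0]
        auth_message = f"{self.client_first_bare},{self.server_first_msg},{without_proof}"
        # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage); recover ClientKey and
        # check H(ClientKey) == StoredKey. Knowing StoredKey alone is not enough to pass.
        client_sig = hmac.new(self.stored_key, auth_message.encode(), HASH).digest()
        client_key = xor(base64.b64decode(fields["p"]), client_sig)
        if not hmac.compare_digest(hashlib.sha256(client_key).digest(), self.stored_key):
            raise ValueError("authentication failed")
        server_sig = hmac.new(self.server_key, auth_message.encode(), HASH).digest()
        return f"v={b64(server_sig)}"                    # proves the server holds ServerKey


class Client:
    def __init__(self, user: str, password: str):
        self.user, self.password = user, password

    def client_first(self, cnonce: str) -> str:
        self.cnonce = cnonce
        self.client_first_bare = f"n={self.user},r={cnonce}"
        return GS2_HEADER.decode() + self.client_first_bare

    def client_final(self, server_first: str) -> str:
        fields = parse(server_first)
        if not fields["r"].startswith(self.cnonce):
            raise ValueError("server dropped our nonce")
        salt, iterations = base64.b64decode(fields["s"]), int(fields["i"])
        salted = hashlib.pbkdf2_hmac(HASH, self.password.encode(), salt, iterations)
        client_key = hmac.new(salted, b"Client Key", HASH).digest()
        stored_key = hashlib.sha256(client_key).digest()
        self.server_key = hmac.new(salted, b"Server Key", HASH).digest()
        without_proof = f"c={CB},r={fields['r']}"
        self.auth_message = f"{self.client_first_bare},{server_first},{without_proof}"
        client_sig = hmac.new(stored_key, self.auth_message.encode(), HASH).digest()
        return f"{without_proof},p={b64(xor(client_key, client_sig))}"

    def verify_server(self, server_final: str) -> bool:
        expected = hmac.new(self.server_key, self.auth_message.encode(), HASH).digest()
        return hmac.compare_digest(base64.b64decode(parse(server_final)["v"]), expected)


def run_exchange(server: Server, client: Client, cnonce: str, snonce: str) -> bool:
    """Drive one full exchange; True only if each side authenticates the other."""
    try:
        s1 = server.server_first(client.client_first(cnonce), snonce)
        s2 = server.server_final(client.client_final(s1))
    except ValueError:
        return False
    return client.verify_server(s2)


if __name__ == "__main__":
    # Constructed salt and nonces so the run is reproducible; use os.urandom in practice.
    srv = Server("alice", "correct horse", b"0123456789abcdef")
    print(run_exchange(srv, Client("alice", "correct horse"), "cnonce-A", "snonce-B"))
    print(run_exchange(srv, Client("alice", "wrong password"), "cnonce-C", "snonce-D"))
```

Two properties worth noticing when reading the code: a stolen verifier lets an attacker impersonate the server (it holds ServerKey) but not the client, because passing `server_final` requires ClientKey, whose hash is all the server stores; and because the proof is a function of the full AuthMessage including both nonces, a captured `client_final` cannot be replayed against a fresh server nonce. Neither property holds for PostgreSQL's MD5 scheme, where the stored `md5(password || username)` hash is itself sufficient to authenticate.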