On Aug 22, 2008, at 11:23 PM, Eric Rescorla wrote:

On Fri, Aug 22, 2008 at 3:12 PM, Pedro Melo <[EMAIL PROTECTED]> wrote:
Hi again,

On Aug 22, 2008, at 10:58 PM, Pedro Melo wrote:

On Aug 22, 2008, at 9:16 PM, Jonathan Schleifer wrote:

On 22.08.2008 at 22:00, Pedro Melo wrote:

SAS, I meant SAS.

Just to be sure: What's the exact difference between SRP and SAS? I only
had a short look at SRP and it seemed pretty similar.

The references I found:

 * SAS:
http://www.ietf.org/internet-drafts/draft-barreto-ietf-dhhmac-sas-00.txt;

A better reference for SAS, given our context of TLS, is this:

https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-mcgrew-tls-sas.txt

After doing the protocol you end up with a (minimal) 20-bit SAS string.

They recommend (section 5.2.1 Representing the SAS) that we use a base32
representation. I personally prefer to use the mnemonic encoder
(http://tothink.com/mnemonic/) that gives me a set of three pronounceable
and distant words.

Anyway, I prefer SAS because it is simpler than SRP, given that I usually have an alternative channel (not necessarily a secure one). SRP usually requires physical contact to exchange the secret, and if I'm with the person I want
to authenticate, I might as well compare the full signature...

In what way is it simpler than SRP? Both require a secure alternative channel
for at least some value of secure.

SAS requires an integrity protected side channel. SRP requires a confidential and integrity protected side channel, though the confidentiality window can be made arbitrarily short by doing the password exchange right before the
handshake.

True (also applies to your previous email).

Best regards,
--
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: [EMAIL PROTECTED]
Use XMPP!
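
The 20-bit SAS and its base32 representation discussed in the thread, shown as an added example that is not part of the original messages or of the draft. The HMAC-SHA256 derivation, the function names and the sample secrets are assumptions made for illustration; the draft defines its own derivation.

```python
import base64
import hashlib
import hmac

SAS_BITS = 20  # minimal SAS length mentioned in the thread


def sas_value(session_secret: bytes, transcript: bytes) -> int:
    """Leftmost 20 bits of HMAC-SHA256(secret, transcript).

    Assumption: illustrative derivation, not the one specified in the draft.
    """
    digest = hmac.new(session_secret, transcript, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big") >> (24 - SAS_BITS)


def sas_base32(value: int) -> str:
    """Encode a 20-bit value as four base32 characters (RFC 4648 alphabet)."""
    if not 0 <= value < (1 << SAS_BITS):
        raise ValueError("SAS value must fit in 20 bits")
    # Left-align the 20 bits in 5 bytes so the first four base32
    # characters (5 bits each) carry exactly the SAS.
    raw = (value << 20).to_bytes(5, "big")
    return base64.b32encode(raw).decode("ascii")[:4]


def sas_matches(local: str, spoken: str) -> bool:
    """Compare the local SAS with the string the peer read out over the
    side channel. Case and surrounding whitespace are ignored."""
    a = local.strip().upper().encode()
    b = spoken.strip().upper().encode()
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    transcript = b"constructed-handshake-transcript"  # constructed sample
    # Both ends of an unmodified session hold the same secret.
    alice = sas_base32(sas_value(b"constructed-secret-AB", transcript))
    bob = sas_base32(sas_value(b"constructed-secret-AB", transcript))
    print("direct session:", alice, bob, sas_matches(alice, bob))
    # With an intermediary, each leg has its own secret, so the strings
    # the two users read to each other agree only with probability 2**-20.
    alice_leg = sas_base32(sas_value(b"constructed-secret-AM", transcript))
    bob_leg = sas_base32(sas_value(b"constructed-secret-MB", transcript))
    print("relayed session:", alice_leg, bob_leg, sas_matches(alice_leg, bob_leg))
```

The comparison only needs the side channel to be integrity protected, as noted in the thread: the SAS string itself is not a secret.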

