Eric Rescorla wrote: > I don't have time to write a full note here, but I wanted to observe that > the corresponding TLS mechanism to SCRAM is really TLS-PSK, > which *is* in OpenSSL. SRP differs from SCRAM and PSK in that > an attacker can't dictionary search the password offline, whereas > in SCRAM/PSK he can.
I would like to hear your thoughts on http://xmpp.org/extensions/inbox/jingle-xtls.html#sect-id2254294 I agree with you, for me TLS-SRP looks like a better method than channel bindings with SCRAM. Do you know of any post 2002 development of the SRP patent issues? Dirk -- Smash forehead on keyboard to continue.....
