On Wednesday 03 June 2009 00:50:23 Simon Josefsson wrote:
> Justin Karneges <[email protected]> writes:
> > In contrast, draft-meyer-xmpp-e2e-encryption-01 specifies that passwords
> > should be used natively in TLS, via the SRP extension. This approach is
> > ideal from a protocol perspective, but comes with a high cost: developers
> > may need to rework/switch TLS libraries. In my opinion, this is not
> > XMPP's battle. I think being able to use "off the shelf" TLS libraries
> > is a noble goal, and one we should choose over protocol purity.
>
> Sure, but the word "somehow" is critical, and I suspect SRP may turn out
> to be the simplest way to achieve the goal. Other alternatives include
> inventing protocols like bluetooth-pairing or ZRTP, but compared to
> those, I believe TLS-SRP is "off the shelf". I'm not aware of well
> standardized online password-based solutions, without a trusted third
> party (think Kerberos), that have good properties except for SRP. PSK
> based on a password has offline dictionary attack concerns. Does anyone
> recall discussion of other options?

Do offline dictionary attacks matter? (Not that I'm advocating PSK, as I think that's an even more esoteric feature than SRP). At one point, our aim was to have an online SAS exchange using a small, throw-away password. Dirk: has this changed?

-Justin
