Strong, Password only Encryption -SRP

Wachdorf, Daniel R drwachd at
Thu Jan 29 23:11:17 EST 2004


I know this subject has come up before, and i found the previous reply of:

"The one solution that we know does work and that which seems most
natural to the end user is the ZKI solution.  You want frustrating?
Talk to a bunch of lawyers over the question of whether or not the
SP-EKE patent covers SRP.  If it does not, we will implement SRP
tomorrow and get this over with since Stanford already gave the
community the right to use SRP for this purpose.  However, if there
is any doubt what so ever we can't implement it without opening the
door to major patent infringement lawsuits for all involved." (Jeffrey

Well, Phoenix Technologies has published an rfc of SPEKE
( on 10/22/03.
They havn't reqliquished any of their IPR claims, but they do give credit to
Stanford for having the IPR for SRP.  Specifically:

"6. Intellectual Property Notice

   Phoenix Technologies Ltd. and Stanford University own patents that
   describe the SPEKE and SRP methods respectively.  For more
   information, including contact information for resolving questions,
   readers are referred to the IPR statements available at"

Now stanford has given the right to use SRP

Does this mean that the issue of SRP use in Kerberos can be revisted? 


More information about the krbdev mailing list