Strong, Password only Encryption -SRP
Wachdorf, Daniel R
drwachd at sandia.gov
Thu Jan 29 23:11:17 EST 2004
Everyone,
I know this subject has come up before, and i found the previous reply of:
"The one solution that we know does work and that which seems most
natural to the end user is the ZKI solution. You want frustrating?
Talk to a bunch of lawyers over the question of whether or not the
SP-EKE patent covers SRP. If it does not, we will implement SRP
tomorrow and get this over with since Stanford already gave the
community the right to use SRP for this purpose. However, if there
is any doubt what so ever we can't implement it without opening the
door to major patent infringement lawsuits for all involved." (Jeffrey
Altman)
Well, Phoenix Technologies has published an rfc of SPEKE
(http://www.ietf.org/internet-drafts/draft-jablon-speke-02.txt) on 10/22/03.
They havn't reqliquished any of their IPR claims, but they do give credit to
Stanford for having the IPR for SRP. Specifically:
"6. Intellectual Property Notice
Phoenix Technologies Ltd. and Stanford University own patents that
describe the SPEKE and SRP methods respectively. For more
information, including contact information for resolving questions,
readers are referred to the IPR statements available at
http://www.ietf.org/ipr.html."
Now stanford has given the right to use SRP
(http://srp.stanford.edu/license.txt).
Does this mean that the issue of SRP use in Kerberos can be revisted?
-dan
More information about the krbdev
mailing list