Strong, Password only Encryption -SRP

Jeffrey Altman jaltman at
Thu Jan 29 23:23:08 EST 2004

Is the letter from Phoenix to the IETF stating that they have patent claims
on SPEKE and SRP and that they are willing to license not give away.

The subject is still closed.

Jeffrey Altman

Wachdorf, Daniel R wrote:

>I know this subject has come up before, and i found the previous reply of:
>"The one solution that we know does work and that which seems most
>natural to the end user is the ZKI solution.  You want frustrating?
>Talk to a bunch of lawyers over the question of whether or not the
>SP-EKE patent covers SRP.  If it does not, we will implement SRP
>tomorrow and get this over with since Stanford already gave the
>community the right to use SRP for this purpose.  However, if there
>is any doubt what so ever we can't implement it without opening the
>door to major patent infringement lawsuits for all involved." (Jeffrey
>Well, Phoenix Technologies has published an rfc of SPEKE
>( on 10/22/03.
>They havn't reqliquished any of their IPR claims, but they do give credit to
>Stanford for having the IPR for SRP.  Specifically:
>"6. Intellectual Property Notice
>   Phoenix Technologies Ltd. and Stanford University own patents that
>   describe the SPEKE and SRP methods respectively.  For more
>   information, including contact information for resolving questions,
>   readers are referred to the IPR statements available at
>Now stanford has given the right to use SRP
>Does this mean that the issue of SRP use in Kerberos can be revisted? 
>krbdev mailing list             krbdev at

More information about the krbdev mailing list