Hi folks,

Important new development that may cause TLS to be much
more widely deployed!

RFC 2945 - SRP Authentication and Key Exchange System
(Sept 2000, IETF Proposed Standard)

draft-ietf-tls-srp-00.txt - Using SRP for TLS Authentication
(5 February 2001, work-in-progress)

SRP (Secure Remote Password) allows all of our old-fashioned
username/password credentials to be used to establish strong
authentication WITHOUT use of PKI (public key infrastructure)
or Kerberos (the current options in TLS).

As those of you who follow security already know, PKI is
frighteningly expensive to deploy and poorly interoperable
across various commercial PKI products.

SRP may very well turn out to be the 'pixie dust' we need
to get IPP over HTTP over TLS implementations more widely
deployed. Although this draft looks like a first draft (-00),
it's just the first time that the IETF TLS WG has officially
published it (based on previous individual contributions).
Expect this to move through the IETF process very quickly.
It could be the saving of TLS.

Cheers,
- Ira McDonald, consulting architect at Sharp and Xerox
High North Inc

PS - Quite a few IETF WGs are now looking at SRP.