IPP Mail Archive: IPP> SEC - TLS without PKI (Secure Remote

IPP> SEC - TLS without PKI (Secure Remote Password)

From: McDonald, Ira (imcdonald@sharplabs.com)
Date: Wed Mar 14 2001 - 16:12:51 EST


    Hi folks,

    Important new development that may cause TLS to be much
    more widely deployed!

    RFC 2945 - SRP Authentication and Key Exchange System
      (Sept 2000, IETF Proposed Standard)

    draft-ietf-tls-srp-00.txt - Using SRP for TLS Authentication
      (5 February 2001, work-in-progress)

    SRP (Secure Remote Password) allows all of our old-fashioned
    username/password credentials to be used to establish strong
    authentication WITHOUT use of PKI (public key infrastructure)
    or Kerberos (the current options in TLS).

    As those of you who follow security already know, PKI is
    frighteningly expensive to deploy and poorly interoperable
    across various commercial PKI products.

    SRP may very well turn out to be the 'pixie dust' we need
    to get IPP over HTTP over TLS implementations more widely
    deployed. Although this draft looks like a first draft (-00),
    it's just the first time that the IETF TLS WG has officially
    published it (based on previous individual contributions).
    Expect this to move through the IETF process very quickly.
    It could be the saving of TLS.

    Cheers,
    - Ira McDonald, consulting architect at Sharp and Xerox
      High North Inc

    PS - Quite a few IETF WG's are now looking at SRP.


