Re: comments on minutes
I think that's fine for the purposes of the minutes.
"Linn, John" wrote:
> For minutes purposes, I've now converged to the following draft pair of
> paragraphs. Is this generally acceptable?
>
> Magnus presented a table comparing the alternatives relative to four
> metrics: client CPU requirements, number of communications roundtrips, level
> of security, and ease of implementation. Each of DH-EKE, SPEKE, and SRP was
> considered as neutral in terms of all of these areas. In discussion, PDM was
> considered weaker in terms of client CPU requirements, but better in terms
> of server CPU requirements than EKE, SPEKE, or SRP, assuming use of a
> shorter modulus for PDM. PDM can be done in one round trip with stateless
> server operation, whereas SRP and the versions of EKE and SPEKE augmented
> not to require storing a password-equivalent at the server require a
> 4-message exchange. OTP was considered stronger in terms of client CPU
> requirements, numbers of roundtrips, and ease of implementation, but weaker
> in security.
>
> Radia Perlman (Sun) argued that DH-EKE's and SPEKE's augmented modes, which
> avoid storage of password-equivalent data at servers, incur overhead that is
> unnecessary in the SACRED application. She noted, further, that this
> overhead is intrinsic to SRP. Stephen Farrell asked whether the WG should
> concentrate on one of the first four, or instead emphasize OTP schemes,
> noting that (unlike the other approaches) OTP doesn't generate a key or
> authenticate the server. Tim Polk (NIST) commented that it didn't appear
> that requirements had been agreed sufficiently to support selection of an
> algorithm. A straw poll was taken on algorithm selection, but its results
> were inconclusive. The question will be revisited on the mailing list.
Baltimore Technologies, tel: (direct line) +353 1 881 6716
39 Parkgate Street, fax: +353 1 881 7000
Dublin 8. mailto:stephen.farrell@xxxxxxxxxxxx