[Security] About the Firefox 3 Security Dialog & others

Eric Rescorla ekr at rtfm.com
Fri Aug 22 15:33:23 CDT 2008

On Fri, Aug 22, 2008 at 1:16 PM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> Am 22.08.2008 um 22:00 schrieb Pedro Melo:
>> SAS, I meant SAS.
> Just to be sure: What's the exact difference between SRP and SAS? I only had
> a short look at SRP and it seemed pretty similar.

In SRP, we agree on a single shared (short) key ahead of time and use that to
validate the connection.

In SAS, the connection handshake outputs a key which we then need to compare
*after* connection establishment.


More information about the Security mailing list