[Security] channel bindings

Dirk Meyer dmeyer at tzi.de
Tue Feb 17 11:54:44 CST 2009

Eric Rescorla wrote:
> I don't have time to write a full note here, but I wanted to observe that
> the corresponding TLS mechanism to SCRAM is really TLS-PSK,
> which *is* in OpenSSL. SRP differs from SCRAM and PSK in that
> an attacker can't dictionary search the password offline, whereas
> in SCRAM/PSK he can.

I would like to hear your thoughts on

I agree with you; for me, TLS-SRP looks like a better method than channel
bindings with SCRAM. Do you know of any post-2002 development of the SRP
patent issues?


Smash forehead on keyboard to continue.....
