Brian Smith wrote:
Nelson B Bolyard wrote:
[...]
I'm talking about putting JBAKE (or whatever it is) into the base product.
[...]
Is there something specific about J-PAKE that you think is bad or
worse than some alternative? Are you objecting to J-PAKE because you do
not trust the proofs of security given by the authors? Is there anything
you'd like to have clarified about how the Sync team is proposing to use
J-PAKE and what steps we're planning to take to make the key exchange safe?
Hi, Brian.
I believe mostly the problem is that the enthousiam level of Nelson for
any password based solution is extremly low.
I think the best way forward for now is to work to make FreeBL/mpi
available for javascript, use it for your J-PAKE implementation, but
include a way to select the algorithm in your protocol so that it's not
hardcoded to be J-PAKE.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
