Sequence of Items Calculated

Issue #8 resolved
Former user created an issue

In the SRP Design doc (http://srp.stanford.edu/design.html) it looks like they create A before they create B, but your documentation says server creates B before it sends to client, whence the client creates both A and M1.

Why this departure from the spec?

Comments (2)

  1. Connect2id OSS

    Hi,

    The SRP library follows the flow specified in http://tools.ietf.org/html/rfc5054

    RFC specs undergo serious review and that's why we chose to implement the SSL RFC spec instead of the original paper.

    It should be possible to implement an alternative pair of client and server session classes to implement the original flow. Pull requests are welcome :)

  2. simon

    Not an issue. From a practical perspective, implementations want to minimise the network round trips, hence following the RFC for SRP with TLS, which wants to optimise the messaging.

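The ordering question in this thread, as an added example that is not part of the original issue or the library's code: in SRP-6a, A depends only on the client's secret a and B depends only on the server's secret b and the stored verifier v, so creating B before A (or A before B) gives the same session secret S. Assumptions: the function names are hypothetical, the group is a toy one, and x and M1 use simplified hash inputs.

```python
import hashlib
import secrets
# Toy group for the arithmetic only (assumption): 2**521 - 1 is prime but is
# not a safe prime; real deployments use the groups listed in RFC 5054.
N = 2**521 - 1
g = 3

def H(*parts):
    # SHA-256 over length-prefixed parts, returned as an integer
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def make_verifier(salt, identity, password):
    x = H(salt, identity, password)  # simplified private key (assumption)
    return x, pow(g, x, N)           # v = g^x mod N, stored by the server

def client_A(a):
    return pow(g, a, N)                # needs only the client's secret a

def server_B(b, v):
    return (k * v + pow(g, b, N)) % N  # needs only b and the stored v

def client_finish(a, x, A, B):
    if B % N == 0:
        raise ValueError("client must abort: B mod N == 0")
    u = H(A, B)                        # first value that needs both A and B
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return S, H(A, B, S)               # M1 simplified to H(A, B, S) (assumption)

def server_finish(b, v, A, B, M1):
    if A % N == 0:
        raise ValueError("server must abort: A mod N == 0")
    S = pow(A * pow(v, H(A, B), N) % N, b, N)
    expected = H(A, B, S).to_bytes(32, "big")
    if not secrets.compare_digest(expected, M1.to_bytes(32, "big")):
        raise ValueError("bad client evidence M1")
    return S

def run(order, a, b, x, v):
    # Create A and B in the requested order, then complete both sides.
    made = {n: client_A(a) if n == "A" else server_B(b, v) for n in order}
    S_client, M1 = client_finish(a, x, made["A"], made["B"])
    return S_client, server_finish(b, v, made["A"], made["B"], M1)
```
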