Sequence of Items Calculated
Issue #8
resolved
In the SRP Design doc (http://srp.stanford.edu/design.html) it looks like they create A before they create B, but your documentation says server creates B before it sends to client, whence the client creates both A and M1.
Why this departure from the spec?
Comments (2)
- changed status to resolved
Not an issue. From a practical perspective, implementations want to minimise the network round trips, hence following the RFC for SRP with TLS, which wants to optimise the messaging.
Hi,
The SRP library follows the flow specified in http://tools.ietf.org/html/rfc5054
RFC specs undergo serious review and that's why we chose to implement the SSL RFC spec instead of the original paper.
It should be possible to implement an alternative pair of client and server session classes to implement the original flow. Pull requests are welcome :)
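Added example, not part of the thread or of the library's code: a minimal SRP-6a computation showing that A and B are derived independently, so the design-doc ordering and the RFC 5054 ordering yield the same shared secret. The group (2**521 - 1, g = 3), the credentials, the fixed ephemerals, the function names and the form M1 = H(A | B | S) are assumptions made for illustration.

```python
import hashlib

# Demo group only: 2**521 - 1 is prime but is NOT an approved SRP group.
# Real deployments use the groups listed in RFC 5054 Appendix A.
N, g = 2**521 - 1, 3
NLEN = (N.bit_length() + 7) // 8

def pad(n: int) -> bytes:
    return n.to_bytes(NLEN, "big")

def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier

def private_x(user: str, password: str, salt: bytes) -> int:
    inner = hashlib.sha256(f"{user}:{password}".encode()).digest()
    return H(salt, inner)

def server_public(v: int, b: int) -> int:
    return (k * v + pow(g, b, N)) % N      # B depends on v and b only

def client_public(a: int) -> int:
    return pow(g, a, N)                    # A depends on a only

def client_secret(A: int, B: int, a: int, x: int) -> int:
    u = H(pad(A), pad(B))
    if B % N == 0 or u == 0:               # abort conditions from RFC 5054
        raise ValueError("illegal server value")
    return pow((B - k * pow(g, x, N)) % N, a + u * x, N)

def server_secret(A: int, B: int, b: int, v: int) -> int:
    if A % N == 0:                         # abort condition from RFC 5054
        raise ValueError("illegal client value")
    u = H(pad(A), pad(B))
    return pow(A * pow(v, u, N) % N, b, N)

def handshake(order, password="correct horse", a=0x1234567, b=0x7654321):
    """Constructed inputs; a and b are fixed here only to compare orderings."""
    salt = b"constructed-salt"
    v = pow(g, private_x("alice", "correct horse", salt), N)  # stored verifier
    x = private_x("alice", password, salt)                    # client's input
    if order == "A-first":                 # ordering in the design document
        A = client_public(a)
        B = server_public(v, b)
    else:                                  # RFC 5054: B is sent before A exists
        B = server_public(v, b)
        A = client_public(a)
    Sc, Ss = client_secret(A, B, a, x), server_secret(A, B, b, v)
    m1_client = H(pad(A), pad(B), pad(Sc))  # assumed M1 = H(A | B | S)
    return Ss, m1_client == H(pad(A), pad(B), pad(Ss))
```

In real use a and b come from a CSPRNG for every session; only the scrambling parameter u = H(A | B) needs both public values, which is why either side may go first.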