I'm having some Google failure here. Is there a plan or existing implementation of RFC 5054 in any of the major browsers yet?
If nobody has an implementation yet, then which major browsers have it on their roadmap? Where?
So to the best of your knowledge, none of the web browsers have implemented this natively?
Jason
2010-05-07 19:23:06
That demo uses a Java applet.
rakslice
2010-05-10 22:30:19
+1
A:
This feature is on Mozilla's radar, and there are a couple of feature enhancement requests on record at bugzilla.mozilla.org (356855, 405155), but they've been pretty quite lately. There maybe a lack of an appreciation of what SRP is good for.
For my two cents, SRP/TLS seems to not mesh well with existing security models in Firefox, so implementation touches many different parts of the browser (from UI to NSS). Could be a similar issue for other browsers as well?
academicRobot
2010-05-16 07:55:15
Could be. But it seems like lately NOTHING meshes with the existing security models (including security). I think we're due for a rethink on SSL certificates (see also DN spoofing) as well.
Jason
2010-05-16 22:10:23
@Jason SSL has it's weak points, its true. I wasn't digging on SRP/TLS, the idea of it is really growing on me. The point I was alluding to is that in a large, complex project like a browser, it can be hard to make these kind of changes without serious demand, and demand is just not there among general users. Go hence, and spread the word of RFC 5054!
academicRobot
2010-05-17 01:19:42