Is there a plan or existing implementation of RFC 5054 in any of the major browsers yet?
If nobody has an implementation yet, then which major browsers have it on their roadmap? Where?
This feature is on Mozilla's radar, and there are a couple of feature enhancement requests on record at bugzilla.mozilla.org (356855,405155), but they've been pretty quiet lately. There maybe a lack of an appreciation of what SRP is good for.
For my two cents, SRP/TLS seems to not mesh well with existing security models in Firefox, so implementation touches many different parts of the browser (from UI to NSS). Could be a similar issue for other browsers as well?
cURL will have TLS-SRP support in the next release. See the Patch for TLS-SRP support (using GnuTLS) thread in curl-library. (I revived a patch by Peter Sylvester.)
And I'm trying to revive Steffen Schulz's bugzilla patches for TLS-SRP in NSS (bugzilla #405155), which is Mozilla's SSL/TLS library. I've updated the patches to work with the latest NSS and will post them in a week or so. Once it's working in NSS, then Firefox is next.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With