Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

TLS/SRP in browsers?

Is there a plan or existing implementation of RFC 5054 in any of the major browsers yet?

If nobody has an implementation yet, then which major browsers have it on their roadmap? Where?

like image 746
Jason Avatar asked May 06 '10 05:05

Jason


2 Answers

This feature is on Mozilla's radar, and there are a couple of feature enhancement requests on record at bugzilla.mozilla.org (356855,405155), but they've been pretty quiet lately. There maybe a lack of an appreciation of what SRP is good for.

For my two cents, SRP/TLS seems to not mesh well with existing security models in Firefox, so implementation touches many different parts of the browser (from UI to NSS). Could be a similar issue for other browsers as well?

like image 185
academicRobot Avatar answered Nov 20 '22 01:11

academicRobot


cURL will have TLS-SRP support in the next release. See the Patch for TLS-SRP support (using GnuTLS) thread in curl-library. (I revived a patch by Peter Sylvester.)

And I'm trying to revive Steffen Schulz's bugzilla patches for TLS-SRP in NSS (bugzilla #405155), which is Mozilla's SSL/TLS library. I've updated the patches to work with the latest NSS and will post them in a week or so. Once it's working in NSS, then Firefox is next.

like image 5
sqs Avatar answered Nov 19 '22 23:11

sqs