
He's correct that SRP is really the relevant standard for the full authentication system here, as well.

see, this is one of the places where I get confused. i don't read this proposal as being an authentication system. i read it as being an attempt to aid users in creating strong passwords that are not shared across sites. the proposed implementation certainly isn't perfect (i much prefer the implementation provided by https://addons.mozilla.org/en-US/firefox/addon/3282/ , but that also has problems), but it seems to me that many of the critiques presented so far are trying to measure this proposal against the wrong metrics.



First sentence of "What is SRP?":

SRP is a secure password-based authentication and key-exchange protocol.


"this proposal" was meant to refer to the article, not SRP. hence my comment that we're measuring it against the wrong metrics: it's no surprise that this proposal doesn't stack up when compared to SRP, since, to my reading, it isn't meant to be compared to it.



