
I am under the impression that SRP emerges as the least uncommon and best analyzed protocol for authentication and key agreement based on a short password.

This states that SRP is part of IEC 11770-4, among other protocols. But no version is specified, and I've seen there's SRP-1, SRP-2, SRP-3, SRP-6, and the current SRP-6a.

Hence my first question: which version(s) of SRP are in ISO/IEC 11770-4:2006? (link is to a free preview; drafts are available here to those willing to subscribe to a mailing list, and I have yet to spot a meaningful technical difference between the October 31, 2005 draft and the real thing)

Which list of parameters and options to SRP and/or ISO/IEC 11770-4:2006 would be necessary to define implementations to the point of being secure and inter-operable?

Also: ISO/IEC 11770-4:2006 can use an Elliptic Curve setting, with (I guess) shorter cryptograms; is that the case for SRP?


Update: the motivation of the question is that ISO/IEC 11770-4 is an international standard, approved by a committee, which is more reassuring to a decision-maker than SRP-6a as defined by a web page that can disappear or change any second.

In a comment, Smit Johnth suggested TLS-SRP/RFC 5054, which has some traction. That could be a possible choice. I'm reading it as implementing SRP-6a, despite claiming to implement SRP-6 with reference to documents predating SRP-6a. My main reservations are that TLS is a bit heavy for my application; and RFC 5054 is stuck to SHA-1, which is bad from a certification standpoint: in France, any hash less than 200 bits, or 256 bits for use after year 2020, does not match rules in section 2.3 of these official recommendations, which at least can make a prescriber less comfortable.

fgrieu

1 Answer


The multiplier parameter $k$ is different between SRP 6 and 6a. You can see that RFC 5054 calculates it using a hash of the domain parameters (modulus $N$ and generator $g$), so it is using SRP 6a, as opposed to SRP 6 where $k$ is constant.

Likewise, in section 6.2.1 of IEC 11770-4 – the October 2005 draft at least – the equivalent value $c$ is defined as a hash of the domain parameters which it calls $q$ and $g_{q-1}$, so it too is based on SRP 6a.

> Also: ISO/IEC 11770-4:2006 can use an Elliptic Curve setting, with (I guess) shorter cryptograms; is that the case for SRP?

Yes. The protocol in 6.2 is defined for either of the fields in section 5: the discrete logarithm one or the elliptic curve one.

otus
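The difference in $k$ described in the answer, as an added example that is not part of the original question or answer: it computes the SRP-6 constant and the SRP-6a hash-derived multiplier for the 1024-bit group of RFC 5054, and shows that the encoding of $g$ and the choice of hash both change $k$ and therefore the server value $B = kv + g^b \bmod N$. The function names, the sample `v` and `b`, and the SHA-256 variant (RFC 5054 itself fixes SHA-1) are assumptions made for illustration.

```python
import hashlib

# 1024-bit group from RFC 5054 Appendix A, generator g = 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
G = 2
# k from the RFC 5054 Appendix B test vectors (SHA-1, this group).
RFC5054_K = 0x7556AA045AEF2CDD07ABAF0F665C3E818913186F


def to_bytes(n, length=None):
    """Big-endian encoding, minimal length unless one is given."""
    return n.to_bytes(length or (n.bit_length() + 7) // 8, "big")


def k_srp6():
    """SRP-6: the multiplier is the constant 3."""
    return 3


def k_srp6a(modulus, generator, hash_name="sha1", padded=True):
    """SRP-6a: k = H(N | g); RFC 5054 left-pads g to the length of N."""
    n_bytes = to_bytes(modulus)
    g_bytes = to_bytes(generator, len(n_bytes) if padded else None)
    return int.from_bytes(hashlib.new(hash_name, n_bytes + g_bytes).digest(), "big")


def server_public(k, v, b, modulus=N, generator=G):
    """Server value B = k*v + g^b mod N, the place where k enters the exchange."""
    return (k * v + pow(generator, b, modulus)) % modulus


if __name__ == "__main__":
    v, b = 0x1234567890ABCDEF, 0xFEDCBA0987654321  # constructed, not real secrets
    variants = {
        "SRP-6 (k=3)": k_srp6(),
        "SRP-6a, RFC 5054 (SHA-1, padded g)": k_srp6a(N, G),
        "SRP-6a, unpadded g": k_srp6a(N, G, padded=False),
        "SRP-6a, SHA-256": k_srp6a(N, G, "sha256"),
    }
    for name, k in variants.items():
        print(f"{name}: k={k:x} B={server_public(k, v, b):x}"[:100])
    print("matches RFC 5054 Appendix B:", k_srp6a(N, G) == RFC5054_K)
```

Two implementations interoperate only if they agree on every input to $k$: the group, the hash, and whether $g$ is padded to the length of $N$.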