Add initial draft of SRP spec

[luna-duclos]

With this pull request, I'd like to open up a discussion about this draft SRP spec for zeroMQ.
It is by no means finished, but I'd like to gather feedback while I finish it and this is the best way of doing that.

A few of the things open for discussion, as well as obviously this whole document:

• What hashing algorithm do we want to use ? The obvious choices here seem blake and sha-2. With the recent fuss around the NSA & NIST, perhaps blake is a better choice ?
• The random prime to pick. The size is the main important difference here, there are primes available ranging from 1024 bits to 8192 bits.
• The symmetric encryption algorithm to use after the session key has been negotiated.

[cocagne]

The description is missing a couple of advantageous aspects of the SRP protocol that might be worth including.

• Mutual authentication of the client and server, both can detect when the other does not know the password (poor-man's certificates)
• Zero-knowledge password protocol (wire-snooping gains the attacker nothing)
• It's almost as easy to use as PLAIN but with TLS-quality authentication (reference RFC 5054)

Additionally, I found your use of the word "key" here a little confusing. The server stores a "verifier" but it's more akin to a salted-hash of a password than it is to a PKI key... which is what the use of "key" in this context makes me think of. It's not an incorrect description but it took a bit of thinking to figure out what you meant.

[hintjens]

I've posted it to http://rfc.zeromq.org/spec:34, tagged as "raw". @PSG-Sakari if/when you like. I'll copy-edit the text.