LinusU / secure-remote-password

A modern SRP implementation for Node.js and Web Browsers

Change where client ephemeral is sent to server in suggested steps #16

Open dobesv opened 5 years ago

dobesv commented 5 years ago

I noticed that step 2 suggests sending the client's public ephemeral value to the server, but the server only makes use of the username. We can probably defer sending that information until it is actually used by the server in step 4 (e.g. send it along with the proof in step 3).
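The ordering proposed above, as an added sketch that is not code from this issue or from the library: a simplified SRP-6a in which the server's first reply is built from the stored record alone, and the client's public ephemeral `A` arrives together with the proof. The group (RFC 3526 group 14 from Node), the hashing scheme and all function names are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Assumptions: RFC 3526 group 14 via Node, g = 2, SHA-256 over ':'-joined decimals.
// Simplified SRP-6a for illustration; not wire-compatible with the library.
const N = BigInt('0x' + crypto.getDiffieHellman('modp14').getPrime('hex'));
const g = 2n;
const H = (...p) => BigInt('0x' + crypto.createHash('sha256').update(p.join(':')).digest('hex'));
const rand = () => BigInt('0x' + crypto.randomBytes(32).toString('hex'));
function modPow(b, e, m) {
  let r = 1n;
  for (b %= m; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
}
const k = H(N, g);

// Registration: the server stores only salt and verifier.
function register(username, password) {
  const salt = rand();
  return { username, salt, verifier: modPow(g, H(salt, username, password), N) };
}

// Round trip 1, server side: needs the stored record (looked up by username) and nothing else.
function serverChallenge(record) {
  const secret = rand();
  return { secret, public: (k * record.verifier + modPow(g, secret, N)) % N };
}

// Client: after receiving salt and B, sends A together with proof M1.
function clientRespond(username, password, salt, B) {
  if (B % N === 0n) throw new Error('illegal server ephemeral');
  const a = rand(), A = modPow(g, a, N);
  const x = H(salt, username, password), u = H(A, B);
  const base = (((B - k * modPow(g, x, N)) % N) + N) % N;
  const K = H(modPow(base, a + u * x, N));
  return { A, M1: H(A, B, K), K };
}

// Round trip 2, server side: the first point where A is used.
function serverVerify(record, eph, A, M1) {
  if (A % N === 0n) throw new Error('illegal client ephemeral');
  const u = H(A, eph.public);
  const K = H(modPow((A * modPow(record.verifier, u, N)) % N, eph.secret, N));
  // Demo comparison; production code should compare proofs in constant time.
  if (H(A, eph.public, K) !== M1) throw new Error('invalid client proof');
  return { K, M2: H(A, M1, K) };
}
```

The server still has to hold its ephemeral secret between the two round trips, so deferring `A` changes what the first request carries, not the state the server keeps.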