The typical usage I've seen is one entity controlling both ends of the communication (e.g. an IP camera and a server). The secret being provisioned at the installation of the system.
I've never seen it used by humans, but there are contexts were the secure channel to establish the secret exists, e.g. most banks still have large brick and mortars infrastructures, so do tax authorities...
SRP used to authenticate sites and users would make phishing as we know it obsolete, but it would have to be implemented very carefully in the browser so there is no way whatsoever for a website to mimic its password entry UI...
But given the abysmal security record of the PKI model (were a few bad apple really ruin it for everyone else), the world could use a lot more SRP deployment...
I've never seen it used by humans, but there are contexts were the secure channel to establish the secret exists, e.g. most banks still have large brick and mortars infrastructures, so do tax authorities...
SRP used to authenticate sites and users would make phishing as we know it obsolete, but it would have to be implemented very carefully in the browser so there is no way whatsoever for a website to mimic its password entry UI...
But given the abysmal security record of the PKI model (were a few bad apple really ruin it for everyone else), the world could use a lot more SRP deployment...