Re: Two more thoughts about credentials download protocols

[Mike DeGraw-Bertsch <mbertsch@xxxxxxxxxxx>]

Perhaps I misunderstand the problem, but...  While I agree that this is
mostly a user interface issue, not a protocol issue, shouldn't the
username transmission be encrypted anyway?  It's my understanding that the
protocol should be authentication-type agnostic, and therefor whatever is
being sent should be encrypted as a whole, irrespective of if it's a
username, password, private key, or whatever.

  -Mike Bertsch

On Wed, 3 Jan 2001, Darren Moffat wrote:

> 
> 
> > I'd be interested in what others think about the requirement and
> > especially other ideas for (possibly partly) solving the problem.
> 
> My thoughts on this are that this is a user interface design problem and really
> isn't
> anything to do with the protocol.  If an application on the client side sends
> the users
> password across in the "username" part of the protcol then it is because the UI
> of
> that client was unable to present information in a sufficiently clear maner to
> the user
> to get the correct data.
> 
> Thats not to say it isn't an interesting problem, I just don't think it is one
> that can
> be solved at a protocol layer.
> 
> --
> Darren J Moffat
>