Re: Closing on shared-key authentication
> No, you should certainly do something more than just send the password
> encrypted. You should avoid sending the password at all, encrypted or
> otherwise. Some sort of challenge/response mechanism would be
> appropriate, but you are protected from eavesdroppers if you encrypt
> the data.
True. I'm clearly misunderstanding you then. You said previously:
>There is no need to add a mechanism
>to TLS when all existing protocols already have a password mechanism.
I assumed the password mechanisms that you meant there were
cleartext ones, not more sophisticated ones based on challenge-response
or keyed hashes or anything else. Was I wrong?
I believe there is a need to add a mechanism to TLS because, while all
existing protocols have password mechanisms, they're lousy ones.
- Marc