[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Closing on shared-key authentication

To: marcvh@xxxxxxxxxxxx (Marc VanHeyningen)
Subject: Re: Closing on shared-key authentication
From: Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
Date: Fri, 11 Oct 1996 15:40:23 -0500
Cc: ietf-tls@xxxxxx

Mark,

  Please read below your comments.

At 11:39 AM 10/11/96 -0700, you wrote:
>> No, you should certainly do something more than just send the password
>> encrypted.  You should avoid sending the password at all, encrypted or
>> otherwise.  Some sort of challenge/response mechanism would be
>> appropriate, but you are protected from eavesdroppers if you encrypt
>> the data.
>
>True.  I'm clearly misunderstanding you then.  You said previously:
>
>>There is no need to add a mechanism
>>to TLS when all existing protocols already have a password mechanims.
>
>I assumed the password mechanisms that you meant there were
>cleartext ones, not more sophisticated ones based on challenge-response
>or keyed hashes or anything else.  Was I wrong?
>
>I believe there is a need to add a mechanism to TLS because, while all
>existing protocols have password mechanisms, they're lousy ones.

  Here here!  I agree. The current password mechanism is definatly flawed
or is te easely accessed.  And chalange/response mechanism might also be 
included as well as an option or feature.

Reguards,
 
>
>- Marc
>
>
>
>
Jeffrey A. Williams
SR.Internet Network Eng. 
CEO., IEG., INC.,  Representing PDS .Ltd.
Web: http://www.pds-link.com 
Phone: 214-793-7445 (Direct Line)
Director of Network Eng. and Development IEG. INC.

Prev by Date: Re: Closing on shared-key authentication
Next by Date: Re: Closing on shared-key authentication
Previous by thread: Re: Closing on shared-key authentication
Next by thread: Re: Closing on shared-key authentication
Index(es):
- Date
- Thread