[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shared Key Authentication record type

To: Tom Weinstein <tomw@xxxxxxxxxxxx>
Subject: Re: Shared Key Authentication record type
From: Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
Date: Tue, 15 Oct 1996 15:13:39 -0500
Cc: ietf-tls@xxxxxx

Tom,

  Please read below your comments.

At 12:00 PM 10/15/96 -0700, you wrote:
>David P. Kemp wrote:
>> 
>> > From: Tom Weinstein <tomw@xxxxxxxxxxxx>
>> >
>>> Yes, a lot of existing protocols have lousy password mechanisms.  But
>>> to integrate any sort of TLS password mechanism, you're going to have
>>> to change the protocol if for no other reason than to STOP sending
>>> the password in the clear.  If you're going to do that, why not just
>>> fix the protocol?
>> 
>> I take it that this is Tom's acknowledgement that there is
>> justification for including shared-key authentication within TLS as
>> long as an acceptable method can be found?  Fix the protocol means "do
>> it right", not "don't do it at all"?
>
>No, you've misunderstood me.  I was referring to the particular
>protocol, such as telnet or HTTP that you wished to add password
>authentication to.  I still believe that this sort of mechanism does
>not belong in TLS.

  In your opinion, what would be the problem adding extension for
Telnet or HTTP for password authentication?  I would think it is
a logical inclusion.  I am confused here?  Help me out, ok?

Reguards,

Jeffrey A. Williams
SR.Internet Network Eng. 
CEO., IEG., INC.,  Representing PDS .Ltd.
Web: http://www.pds-link.com 
Phone: 214-793-7445 (Direct Line)
Director of Network Eng. and Development IEG. INC.

Follow-Ups:
- Re: Shared Key Authentication record type
  - From: Tom Weinstein

Prev by Date: Re: Shared Key Authentication record type
Next by Date: Re: Shared Key Authentication record type
Previous by thread: Re: Shared Key Authentication record type
Next by thread: Re: Shared Key Authentication record type
Index(es):
- Date
- Thread