W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

Re: Passwords an security.

From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 25 Apr 1996 13:33:32 -0700
Message-Id: <317FE19C.41C6@netscape.com>
To: "Phillip M. Hallam-Baker" <hallam@w3.org>
Cc: ietf-tls@w3.org
Phillip M. Hallam-Baker wrote:
> 
> There have been a number of posts to the list that cause me some
> concern. In particular there appears to be a possible confusion as to
> the cryptographic security of password based systems. Passwords are a
> key management issue. The various human factors problems with
> passwords are well known but they are convenient and people use them.
> 
> There are cryptographically secure methods of implementing both
> symmetric and asymmetric auhentication systems. Asymmetric key offers
> more flexibility but at lower performance. Most useful systems involve
> a hybrid. S-HTTP uses asymmetric key exchange to establish a shared
> secret which can then be used for future transimission.

Which is exactly what SSL does.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com
Received on Thursday, 25 April 1996 16:34:04 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:48 EDT