W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

RE: Password Authentication

From: David P. Kemp <dpkemp@missi.ncsc.mil>
Date: Fri, 26 Apr 1996 08:49:42 -0400
Message-Id: <199604261249.IAA19044@argon.ncsc.mil>
To: ietf-tls@w3.org

From: Dan Simon <dansimon@microsoft.com>
Date: Thu, 25 Apr 1996 16:19:06 -0700

> PCT 2.0 does not permit this kind of authentication.  Password-based
> authentication is only permitted for either the client or the server
> (*not* both), in conjunction with a public-key-based key exchange. 

Thank you for explaining this.  Next time I will read the spec more
thoroughly before commenting.

Using passwords in this manner sounds like a useful capability for
the TLS protocol to support.

From: Bennet Yee <bsy@cs.ucsd.edu>
Date: Wed, 24 Apr 1996 16:03:09 -0700

> The idea of providing
> the pre-encryption mechanism (also applies to the on-the-fly
> compression found in SSLv3) is to hide the complexity from the
> client.

Yes, client non-transparency is a big disadvantage of negotiating
NULL protection for pre-encrypted data.  That is justification enough
for giving the PCT pre-encryption proposal some serious scrutiny.
Received on Friday, 26 April 1996 08:49:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:58 UTC