- From: Dan Simon <dansimon@microsoft.com>
- Date: Tue, 6 Aug 1996 19:43:41 -0700
- To: "'ietf-tls@w3.org'" <ietf-tls@w3.org>, "'pck@netcom.com'" <pck@netcom.com>
> >From: pck@netcom.com[SMTP:pck@netcom.com] > >For password authentication what we really are trying to create >is a more secure encryption method for moving the hashed password >across the wire. > >Instead of adding a set of extra fields to the protocol for >passwords, it seems to make more sense to buind in capabilities >to send securely-encrypted data of any type. This could be >useful for other applications as well, such as credit card >numbers, non-user-accessible control information, biometric >identification information, etc. In general, applications >would probably be free to decide what to use this for. Actually, I expect that in exportable TLS implementations applications would *not* be free to decide what to use this for, since the TLS implementation would presumably have to use some means to prevent sneaky applications from using the extra channel for user data. In any event, if this solution is more palatable to the working group than the addition of a specific password authentication feature, then I, for one, am happy with it. > > Daniel Simon > Cryptographer, Microsoft Corp. > dansimon@microsoft.com > > >
Received on Wednesday, 7 August 1996 17:00:51 UTC