W3C home > Mailing lists > Public > ietf-tls@w3.org > July to September 1996

Re: Adding a high-security channel for passwords -Reply

From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 08 Aug 1996 03:31:22 -0700
Message-ID: <3209C1FA.3B33@netscape.com>
To: "Paul C. Kocher" <pck@netcom.com>
CC: ietf-tls@w3.org
Paul C. Kocher wrote:
> Baber Amin writes:
> > The idea sounds good, but if you offer good encryption for authnetication,
> > can we absolutely gaurentee that it would not be used for user data
> > other than pin or hashed password.
> > Do we even need to hash the password if it is being sent in a secure
> > fashion.
> Under my suggestion, the TLS protocol would allow virtually anything
> to go on the secure channel, but exportable implementations would
> have to limit the use of the secure encryption to meet government
> regulations.

  It seems to me that this would encourage interoperability problems
down the road.


Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Received on Thursday, 8 August 1996 06:34:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:58 UTC