> No, you should certainly do something more than just send the password > encrypted. You should avoid sending the password at all, encrypted or > otherwise. Some sort of challenge/response mechanism would be > appropriate, but you are protected from eavesdroppers if you encrypt > the data. True. I'm clearly misunderstanding you then. You said previously: >There is no need to add a mechanism >to TLS when all existing protocols already have a password mechanims. I assumed the password mechanisms that you meant there were cleartext ones, not more sophisticated ones based on challenge-response or keyed hashes or anything else. Was I wrong? I believe there is a need to add a mechanism to TLS because, while all existing protocols have password mechanisms, they're lousy ones. - MarcReceived on Friday, 11 October 1996 14:43:04 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:54 EDT