- From: Tom Weinstein <tomw@netscape.com>
- Date: Tue, 15 Oct 1996 12:00:09 -0700
- To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
- CC: ietf-tls@w3.org
David P. Kemp wrote: > > > From: Tom Weinstein <tomw@netscape.com> > > >> Yes, a lot of existing protocols have lousy password mechanisms. But >> to integrate any sort of TLS password mechanism, you're going to have >> to change the protocol if for no other reason than to STOP sending >> the password in the clear. If you're going to do that, why not just >> fix the protocol? > > I take it that this is Tom's acknowledgement that there is > justification for including shared-key authentication within TLS as > long as an acceptable method can be found? Fix the protocol means "do > it right", not "don't do it at all"? No, you've misunderstood me. I was referring to the particular protocol, such as telnet or HTTP that you wished to add password authentication to. I still believe that this sort of mechanism does not belong in TLS. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
Received on Tuesday, 15 October 1996 14:59:35 UTC