- From: Keith Moore <moore@cs.utk.edu>
- Date: Thu, 14 Jun 2007 07:13:18 -0400
- To: "tom.petch" <cfinss@dial.pipex.com>
- CC: Adrien de Croy <adrien@qbik.com>, Apps Discuss <discuss@apps.ietf.org>, ietf-http-wg@w3.org
>> >> Seems to me that the issue of securing communications and authenticating >> or identifying parties are closely aligned, why not just have some form >> of auth built into TLS, then we could use it for any protocol that can >> use TLS, instead of having to implement separate auth schemes for every >> higher protocol. >> >> > TLS can do that but it does not gel with the way in which (many) organisations > are structured. Those responsible for security, for security credentials and > their maintenance, do not want to be ferreting around in the depths of a network > stack, they prefer working at application and database level, a point that has > already been alluded to in this thread. how exactly does sending TLS credentials involve ferreting around in the depths of a network stack?
Received on Thursday, 14 June 2007 11:14:52 UTC