- From: Phillip M. Hallam-Baker <hallam@w3.org>
- Date: Thu, 25 Apr 1996 14:38:39 -0400
- To: ietf-tls@w3.org
There have been a number of posts to the list that cause me some concern. In particular there appears to be a possible confusion as to the cryptographic security of password based systems. Passwords are a key management issue. The various human factors problems with passwords are well known but they are convenient and people use them. There are cryptographically secure methods of implementing both symmetric and asymmetric auhentication systems. Asymmetric key offers more flexibility but at lower performance. Most useful systems involve a hybrid. S-HTTP uses asymmetric key exchange to establish a shared secret which can then be used for future transimission. Phill Hallam-Baker
Received on Thursday, 25 April 1996 14:38:43 UTC