- From: Tom Weinstein <tomw@netscape.com>
- Date: Thu, 25 Apr 1996 13:33:32 -0700
- To: "Phillip M. Hallam-Baker" <hallam@w3.org>
- Cc: ietf-tls@w3.org
Phillip M. Hallam-Baker wrote: > > There have been a number of posts to the list that cause me some > concern. In particular there appears to be a possible confusion as to > the cryptographic security of password based systems. Passwords are a > key management issue. The various human factors problems with > passwords are well known but they are convenient and people use them. > > There are cryptographically secure methods of implementing both > symmetric and asymmetric auhentication systems. Asymmetric key offers > more flexibility but at lower performance. Most useful systems involve > a hybrid. S-HTTP uses asymmetric key exchange to establish a shared > secret which can then be used for future transimission. Which is exactly what SSL does. -- Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw@netscape.com
Received on Thursday, 25 April 1996 16:34:04 UTC