- From: David P. Kemp <dpkemp@missi.ncsc.mil>
- Date: Fri, 26 Apr 1996 08:49:42 -0400
- To: ietf-tls@w3.org
From: Dan Simon <dansimon@microsoft.com> Date: Thu, 25 Apr 1996 16:19:06 -0700 > PCT 2.0 does not permit this kind of authentication. Password-based > authentication is only permitted for either the client or the server > (*not* both), in conjunction with a public-key-based key exchange. Thank you for explaining this. Next time I will read the spec more thoroughly before commenting. Using passwords in this manner sounds like a useful capability for the TLS protocol to support. From: Bennet Yee <bsy@cs.ucsd.edu> Date: Wed, 24 Apr 1996 16:03:09 -0700 > The idea of providing > the pre-encryption mechanism (also applies to the on-the-fly > compression found in SSLv3) is to hide the complexity from the > client. Yes, client non-transparency is a big disadvantage of negotiating NULL protection for pre-encrypted data. That is justification enough for giving the PCT pre-encryption proposal some serious scrutiny.
Received on Friday, 26 April 1996 08:49:51 UTC