- From: Tom Weinstein <tomw@netscape.com>
- Date: Mon, 07 Oct 1996 13:06:45 -0700
- To: Win Treese <treese@OpenMarket.com>
- CC: ietf-tls@w3.org
Win Treese wrote: > > I'd like to close on the question of including shared-key > authentication in TLS. There has been little discussion > of the latest proposal from Barbara Fox, but I think we > went over the arguments pretty thoroughly a few weeks > ago. > > At this point, I propose that we adopt the proposed > modifications for the TLS draft. As always, I am happy > to hear comments either on the list or in direct mail. > > In addition, if there are other burning issues for substantive > changes, please let me know about them now. I fail to see how you can conclude that there's a rough consensus on this proposal. First of all, I feel there are a number of weaknesses in any password scheme. In addition, this proposal has not received nearly as much public review as SSL has. For these reasons, I'm nervous about its security. It also has yet to be proven that this scheme provides any more security than implementing passwords at a higher level. Given this combination of a lack of clear need and possible weakness, I feel that this proposal doesn't belong in TLS. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
Received on Monday, 7 October 1996 16:06:57 UTC