- From: Barb Fox <bfox@microsoft.com>
- Date: Mon, 7 Oct 1996 13:29:19 -0700
- To: "'Win Treese'" <treese@OpenMarket.com>, "'Tom Weinstein'" <tomw@netscape.com>
- Cc: "'ietf-tls@w3.org'" <ietf-tls@w3.org>
Tom: Win is correct that the majority of people who posted on this topic were in favor. Barbara Fox bfox@microsoft.com >---------- >From: Tom Weinstein[SMTP:tomw@netscape.com] >Sent: Monday, October 07, 1996 1:06 PM >To: Win Treese >Cc: ietf-tls@w3.org >Subject: Re: Closing on shared-key authentication > >Win Treese wrote: >> >> I'd like to close on the question of including shared-key >> authentication in TLS. There has been little discussion >> of the latest proposal from Barbara Fox, but I think we >> went over the arguments pretty thoroughly a few weeks >> ago. >> >> At this point, I propose that we adopt the proposed >> modifications for the TLS draft. As always, I am happy >> to hear comments either on the list or in direct mail. >> >> In addition, if there are other burning issues for substantive >> changes, please let me know about them now. > >I fail to see how you can conclude that there's a rough consensus on >this proposal. > >First of all, I feel there are a number of weaknesses in any password >scheme. In addition, this proposal has not received nearly as much >public review as SSL has. For these reasons, I'm nervous about its >security. It also has yet to be proven that this scheme provides any >more security than implementing passwords at a higher level. Given this >combination of a lack of clear need and possible weakness, I feel that >this proposal doesn't belong in TLS. > >-- >You should only break rules of style if you can | Tom Weinstein >coherently explain what you gain by so doing. | tomw@netscape.com > >
Received on Monday, 7 October 1996 16:59:05 UTC