W3C home > Mailing lists > Public > ietf-tls@w3.org > October to December 1996

Re: Layering and Shared-key authentication

From: David Brownell - JavaSoft <david.brownell@Eng.Sun.COM>
Date: Tue, 8 Oct 1996 12:46:47 -0700
Message-Id: <199610081946.MAA13514@argon.eng.sun.com>
To: ietf-tls@w3.org, ekr@terisa.com
> A lot of the arguments against shared secret client authentication
> seem to be layering arguments. Specifically, the argument seems to 
> be that shared secret style authentication properly belongs at the
> application layer.

I may be the first person to have mentioned the specific issue of a
layering violation, and I'll clarify a misunderstanding here.  My issue
had nothing to do with using shared secrets.  (I can't speak for the
particular issues anyone else may have intended.)

My issue was related to the specific proposal made by Microsoft, which
would force specific application level issues, related to the languages
and character sets used by applications (and in fact whether the secret
is directly known to a user or not, etc), into the transport layer
security protocol.  (Resolve that issue and there were still a bunch of
other issues ... )

In no way did I say that "shared secrets" in general are bad to include
in a transport level, or contrariwise that "public keys" are bad.  One
only needs to look at GSS-API for an example of some existing practice,
already deemed reasonable by the IETF.  It supports both schemes.

If folk want shared secret authentication, I suggest looking at the
work already done by the GSS-API working group; it's supported Kerberos
for a long time, and evidently now supports some public key flavors.

- Dave
Received on Tuesday, 8 October 1996 15:51:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC