- From: Marc VanHeyningen <marcvh@aventail.com>
- Date: Thu, 10 Oct 1996 14:45:56 -0700
- To: "'ietf-tls@w3.org'" <ietf-tls@w3.org>
> - The only security reason for including password auth in TLS is that > it gains stronger security by having access to strong crypto in the > export case. I don't think we should include features this major > based solely on brain-damaged US export regulations that will > hopefully soon change. Seems to me that's only if you assume the best way to secure password auth is to just encrypt the password, as opposed to using other more sophisticated methods. It also is true only if you're willing to accept authentication that is dependent upon the security of the encryption; some people feel this is undesrable for reasons having nothing to do with export regulations.
Received on Thursday, 10 October 1996 17:50:02 UTC