- From: Jeff Williams <jwkckid1@ix.netcom.com>
- Date: Fri, 11 Oct 1996 15:40:23 -0500
- To: marcvh@aventail.com (Marc VanHeyningen)
- Cc: ietf-tls@w3.org
Mark, Please read below your comments. At 11:39 AM 10/11/96 -0700, you wrote: >> No, you should certainly do something more than just send the password >> encrypted. You should avoid sending the password at all, encrypted or >> otherwise. Some sort of challenge/response mechanism would be >> appropriate, but you are protected from eavesdroppers if you encrypt >> the data. > >True. I'm clearly misunderstanding you then. You said previously: > >>There is no need to add a mechanism >>to TLS when all existing protocols already have a password mechanims. > >I assumed the password mechanisms that you meant there were >cleartext ones, not more sophisticated ones based on challenge-response >or keyed hashes or anything else. Was I wrong? > >I believe there is a need to add a mechanism to TLS because, while all >existing protocols have password mechanisms, they're lousy ones. Here here! I agree. The current password mechanism is definatly flawed or is te easely accessed. And chalange/response mechanism might also be included as well as an option or feature. Reguards, > >- Marc > > > > Jeffrey A. Williams SR.Internet Network Eng. CEO., IEG., INC., Representing PDS .Ltd. Web: http://www.pds-link.com Phone: 214-793-7445 (Direct Line) Director of Network Eng. and Development IEG. INC.
Received on Friday, 11 October 1996 17:04:25 UTC