David P. Kemp wrote: > > > From: Tom Weinstein <tomw@netscape.com> > > >> Yes, a lot of existing protocols have lousy password mechanisms. But >> to integrate any sort of TLS password mechanism, you're going to have >> to change the protocol if for no other reason than to STOP sending >> the password in the clear. If you're going to do that, why not just >> fix the protocol? > > I take it that this is Tom's acknowledgement that there is > justification for including shared-key authentication within TLS as > long as an acceptable method can be found? Fix the protocol means "do > it right", not "don't do it at all"? No, you've misunderstood me. I was referring to the particular protocol, such as telnet or HTTP that you wished to add password authentication to. I still believe that this sort of mechanism does not belong in TLS. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.comReceived on Tuesday, 15 October 1996 14:59:35 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC