Re: Shared Key Authentication record type

From: Tom Weinstein <tomw@netscape.com>
Date: Tue, 15 Oct 1996 12:00:09 -0700
Message-ID: <3263DF39.15FB@netscape.com>
To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
CC: ietf-tls@w3.org

David P. Kemp wrote:
>> From: Tom Weinstein <tomw@netscape.com>
>>
>> Yes, a lot of existing protocols have lousy password mechanisms.  But
>> to integrate any sort of TLS password mechanism, you're going to have
>> to change the protocol if for no other reason than to STOP sending
>> the password in the clear.  If you're going to do that, why not just
>> fix the protocol?
> I take it that this is Tom's acknowledgement that there is
> justification for including shared-key authentication within TLS as
> long as an acceptable method can be found?  Fix the protocol means "do
> it right", not "don't do it at all"?

No, you've misunderstood me.  I was referring to the particular
protocol, such as telnet or HTTP, that you wished to add password
authentication to.  I still believe that this sort of mechanism does
not belong in TLS.

You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com
Received on Tuesday, 15 October 1996 14:59:35 UTC
