Tom, Please read below your comments. At 12:00 PM 10/15/96 -0700, you wrote: >David P. Kemp wrote: >> >> > From: Tom Weinstein <tomw@netscape.com> >> > >>> Yes, a lot of existing protocols have lousy password mechanisms. But >>> to integrate any sort of TLS password mechanism, you're going to have >>> to change the protocol if for no other reason than to STOP sending >>> the password in the clear. If you're going to do that, why not just >>> fix the protocol? >> >> I take it that this is Tom's acknowledgement that there is >> justification for including shared-key authentication within TLS as >> long as an acceptable method can be found? Fix the protocol means "do >> it right", not "don't do it at all"? > >No, you've misunderstood me. I was referring to the particular >protocol, such as telnet or HTTP that you wished to add password >authentication to. I still believe that this sort of mechanism does >not belong in TLS. In your opinion, what would be the problem adding extension for Telnet or HTTP for password authentication? I would think it is a logical inclusion. I am confused here? Help me out, ok? Reguards, Jeffrey A. Williams SR.Internet Network Eng. CEO., IEG., INC., Representing PDS .Ltd. Web: http://www.pds-link.com Phone: 214-793-7445 (Direct Line) Director of Network Eng. and Development IEG. INC.Received on Tuesday, 15 October 1996 16:38:24 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC