- From: Jeff Williams <jwkckid1@ix.netcom.com>
- Date: Tue, 15 Oct 1996 15:13:39 -0500
- To: Tom Weinstein <tomw@netscape.com>
- Cc: ietf-tls@w3.org
Tom, Please read below your comments. At 12:00 PM 10/15/96 -0700, you wrote: >David P. Kemp wrote: >> >> > From: Tom Weinstein <tomw@netscape.com> >> > >>> Yes, a lot of existing protocols have lousy password mechanisms. But >>> to integrate any sort of TLS password mechanism, you're going to have >>> to change the protocol if for no other reason than to STOP sending >>> the password in the clear. If you're going to do that, why not just >>> fix the protocol? >> >> I take it that this is Tom's acknowledgement that there is >> justification for including shared-key authentication within TLS as >> long as an acceptable method can be found? Fix the protocol means "do >> it right", not "don't do it at all"? > >No, you've misunderstood me. I was referring to the particular >protocol, such as telnet or HTTP that you wished to add password >authentication to. I still believe that this sort of mechanism does >not belong in TLS. In your opinion, what would be the problem adding extension for Telnet or HTTP for password authentication? I would think it is a logical inclusion. I am confused here? Help me out, ok? Reguards, Jeffrey A. Williams SR.Internet Network Eng. CEO., IEG., INC., Representing PDS .Ltd. Web: http://www.pds-link.com Phone: 214-793-7445 (Direct Line) Director of Network Eng. and Development IEG. INC.
Received on Tuesday, 15 October 1996 16:38:24 UTC