Re: Shared Key Authentication record type

Jeff Williams wrote:
>> No, you've misunderstood me.  I was referring to the particular
>> protocol, such as telnet or HTTP that you wished to add password
>> authentication to.  I still believe that this sort of mechanism does
>> not belong in TLS.
>   In your opinion, what would be the problem adding extension for
> Telnet or HTTP for password authentication?  I would think it is
> a logical inclusion.  I am confused here?  Help me out, ok?

My point was that if you already have to add a more secure password
mechanism to these other protocols because they will be used without
TLS, then it's redundant to add such a mechanism to TLS.

You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      |

Received on Tuesday, 15 October 1996 18:00:31 UTC