
Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed

2005-05-14 01:56:04
  Btw, can you provide details of the proposal that you gave in 1995?
And what was Dave's proposal in 1992?

> Does it?  The Auth-ID is still transmitted in the clear, exposing it to
> everything between the server and the client.  And expiration wouldn't

   See the content of Auth-ID in light of the proposal given earlier
(see above), where this ID:

1. may be encoded / encrypted (as required)
2. has an algorithm for generation - which may include IP addresses of
both the parties etc
3. obviously, has some data that is specific to the server (that does
session management). This is the private part of the ID which, again,
may be en-coded/crypted.


-- 
Cheers,
Gaurav Vaish
http://www.mastergaurav.org
http://mastergaurav.blogspot.com
--------------------------------

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
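
An added example, not code from this thread: one way to build an ID whose generation algorithm includes both parties' IP addresses and a server-private part, with an expiry. The function names, the `sid.expires.mac` layout, `SERVER_KEY` and the choice of HMAC-SHA256 are assumptions; encryption of the ID is not shown, and the server-private session data is assumed to stay on the server, looked up by `sid`.

```python
import base64
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-private secret, never transmitted


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _mac(key: bytes, *fields: str) -> str:
    # Length-prefix every field so adjacent values cannot be shifted into each other.
    encoded = [f.encode() for f in fields]
    msg = b"".join(len(e).to_bytes(2, "big") + e for e in encoded)
    return _b64(hmac.new(key, msg, hashlib.sha256).digest())


def issue_auth_id(client_ip, server_ip, ttl=900, now=None, key=SERVER_KEY):
    """Return 'sid.expires.mac'; the IP addresses are MAC inputs, not token fields."""
    now = int(time.time()) if now is None else now
    sid = _b64(secrets.token_bytes(16))  # random handle for server-side session state
    expires = str(now + ttl)
    return f"{sid}.{expires}.{_mac(key, sid, expires, client_ip, server_ip)}"


def verify_auth_id(auth_id, client_ip, server_ip, now=None, key=SERVER_KEY):
    """Return the session id if the ID is authentic, unexpired and presented
    over the same address pair it was issued for; otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        sid, expires, mac = auth_id.split(".")
        deadline = int(expires)
    except ValueError:
        return None  # wrong number of fields or non-numeric expiry
    # Recompute from the addresses seen on this connection, compare in constant time.
    expected = _mac(key, sid, expires, client_ip, server_ip)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if now >= deadline:
        return None
    return sid
```

Binding the ID to the address pair limits where a captured ID can be presented from; it does not hide the ID on the wire, and clients behind one NAT address share the same `client_ip`.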