ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Symptoms vs. Causes

2007-09-12 07:34:45
from [Eliot Lear] [Permanent Link] 
Eric Rescorla wrote:

None of the systems I mentioned (TLS-PSK, SRP, PwdHash) has this
problem--provided that the user actually uses the new authentication
method and doesn't type his password into some Web form. But of course that's a UI problem, not a protocol problem.
As I wrote, the problem is in both places. For one thing, TLS-PSK, SRP, and PwdHash all have the problem that they require some sort of secure interface on what is generally an insecure platform. What is needed is a way to modularize and isolate those authentication transactions. Sam claims it can be done in software - fine. What is the communication path to and from? What's the architecture? 

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Symptoms vs. Causes, Eric Rescorla
Next by Date:  IPv6 will never fly: ARIN continues to kill it, Michael Richardson
Previous by Thread:  Re: Symptoms vs. Causes, Eric Rescorla
Next by Thread:  Re: Symptoms vs. Causes, Eric Rescorla
Indexes:  [Date] [Thread] [Top] [All Lists]