ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Symptoms vs. Causes

2007-09-12 08:09:57
from [Eliot Lear] [Permanent Link] 
Eric,

Each of these approaches has a fairly obvious architecture. In fact,
Digest, which I forgot to mention in my previous message,
already has a pre-existing architecture, and PwdHash works with
the existing architecture.
You have to put the two together. ALL of the approaches that you mention fail given an insecure UI. NONE of them are likely to be applicable given a secure UI. What will be necessary is a secured channel from the authentication module of the user to the authenticating party. What is that? It's almost assuredly not going to include IP addresses. How will PSK-TLS work in such circumstances? What is the communication between the module and the browser? And add on top of ALL of that the UI and don't forget registration. 
Eliot

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Symptoms vs. Causes, Eliot Lear
Next by Date:  Re: Symptoms vs. Causes, Eric Rescorla
Previous by Thread:  Re: Symptoms vs. Causes, Eric Rescorla
Next by Thread:  Re: Symptoms vs. Causes, Eric Rescorla
Indexes:  [Date] [Thread] [Top] [All Lists]