[18322] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Dave Howe)
Mon Aug 29 09:56:59 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 29 Aug 2005 14:08:24 +0100
From: Dave Howe <DaveHowe@gmx.co.uk>
To: Email@metzdowd.com,
List@metzdowd.com:Cryptography <cryptography@metzdowd.com>
In-Reply-To: <E1E9gnz-0002Vv-00@medusa01.cs.auckland.ac.nz>
Peter Gutmann wrote:
> TLS-PSK fixes this problem by providing mutual authentication of client and
> server as part of the key exchange. Both sides demonstrate proof-of-
> possession of the password (without actually communicating the password), if
> either side fails to do this then the TLS handshake fails. Its only downside
> is that it isn't widely supported yet, it's only just been added to OpenSSL,
> and who knows when it'll appear in Windows/MSIE, Mozilla, Konqueror, Safari,
So, the solution to nobody using the existing (but adequate) solution is another
existing (but barely implimented and also unused) solution?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
