[970] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: N$ SSL vs M$ PCT

daemon@ATHENA.MIT.EDU (Jonathon Tidswell)
Mon Oct 2 07:28:03 1995

From: Jonathon Tidswell <t-jont@microsoft.com>
To: JohnHemming@mkn.co.uk, www-security@ns2.rutgers.edu
Date: Mon,  2 Oct 95 18:13:39 TZ
Errors-To: owner-www-security@ns2.rutgers.edu

At the risk of getting my head cut off
[ I have had no part in the PCT effort and have done no more than skim 
the draft. ]

 "John Hemming CEO MarketNet"  <JohnHemming@mkn.co.uk> wrote:

| 2. Message authentication uses different keys to the encryption keys.  How
| this helps, apart from making implementation harder, I cannot quite 
fathom.  We
| should not be using this secure channel protocol for proper message 
authentication
| only.  The MAC (Message Authentication Code) is not what I would use for
| authentication from a legal and contractual background.  I prefer 
Digitally Signed
| Instructions.

I thought this was to allow the use of stronger keys for authentication 
while still using weak keys for encryption (ITAR rearing its ugly head.)

- Jon T


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[970] in WWW Security List Archive

RE: N$ SSL vs M$ PCT

daemon@ATHENA.MIT.EDU (Jonathon Tidswell)Mon Oct 2 07:28:03 1995

daemon@ATHENA.MIT.EDU (Jonathon Tidswell)
Mon Oct 2 07:28:03 1995