Dick Hardt <[EMAIL PROTECTED]> writes: > On 13-Feb-06, at 11:09 AM, Eric Rescorla wrote: > >>>> The technical term for a "signature" which can only be verified by >>>> the holder of a symmetric secret is Message Authentication Code >>>> (MAC) >>>> and there's a standard technique for performing MACs: HMAC (RFC >>>> 2104). >>> >>> Our current implementation uses HMAC. Since the Homesite can use >>> whatever it wants, we left it out of the spec. >> >> Well, that's fine, but you shouldn't be recommending a technique >> which is known to be inferior to HMAC. > > I agree. Did not know we were recommending a different technique. > Where is that mentioned?
Section 5.10.2.3. -Ekr _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
