On 13-Feb-06, at 11:19 AM, Eric Rescorla wrote:
Dick Hardt <[EMAIL PROTECTED]> writes:
On 13-Feb-06, at 11:09 AM, Eric Rescorla wrote:
The technical term for a "signature" which can only be verified by
the holder of a symmetric secret is Message Authentication Code (MAC)
and there's a standard technique for performing MACs: HMAC (RFC 2104).
Our current implementation uses HMAC. Since the Homesite can use
whatever it wants, we left it out of the spec.
Well, that's fine, but you shouldn't be recommending a technique
which is known to be inferior to HMAC.
I agree. Did not know we were recommending a different technique.
Where is that mentioned?
Section 5.10.2.3.
Ok. I agree. We should recommend HMAC directly.
_______________________________________________
dix mailing list
https://www1.ietf.org/mailman/listinfo/dix
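
The point made in the thread, as an added example that is not part of the original messages or of the specification under discussion: a party that both issues and later checks a value with one symmetric secret is computing a MAC, and RFC 2104 defines HMAC as H((K XOR opad) || H((K XOR ipad) || m)). The choice of SHA-256, the function names, and the sample secret and message are assumptions constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 block size in bytes ("B" in RFC 2104)


def hmac_sha256_rfc2104(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 spelled out from the RFC 2104 definition."""
    if len(key) > BLOCK_SIZE:          # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-written construction against Python's hmac module."""
    reference = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_sha256_rfc2104(key, message), reference)


def issue_tag(secret: bytes, message: bytes) -> str:
    """Issuer side: MAC the message with a secret only the issuer holds."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_tag(secret: bytes, message: bytes, tag_hex: str) -> bool:
    """Verifier side: recompute the tag and compare in constant time."""
    try:
        presented = bytes.fromhex(tag_hex)
    except ValueError:                 # malformed tag: reject, do not raise
        return False
    expected = hmac.new(secret, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, presented)


# Constructed sample values, not taken from the thread or the specification.
SECRET = b"constructed-homesite-secret"
MESSAGE = b"user=alice&expires=1139860740"

if __name__ == "__main__":
    tag = issue_tag(SECRET, MESSAGE)
    print("tag:", tag)
    print("valid:", verify_tag(SECRET, MESSAGE, tag))
    print("tampered:", verify_tag(SECRET, MESSAGE.replace(b"alice", b"mallory"), tag))
```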