On 27-Feb-06, at 10:19 AM, Hallam-Baker, Phillip wrote:
If you decide that you are going to use PKI as your authentication
mechanism then you can make dramatic simplifications in your
authentication protocol. Inband authentication can be effectively
reduced to a two party protocol between the user and the relying
party.
I presume from your use of AuthN above that you are thinking of how
hosts authenticate, since currently available users are still not
capable of performing PK operations.
I think it is important to be able to use other authentication
methods besides PKI for hosts.
eg. DNS mapping a hostname to an IP that data is retrieved from is a
very light weight AuthN mechanism for a host, albeit primarily suited
for low risk transactions.
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
