>>>>> "Eric" == Eric Rescorla <[EMAIL PROTECTED]> writes:

    Eric> Sam Hartman <[EMAIL PROTECTED]> writes:
    >>>>>>> "Eric" == Eric Rescorla <[EMAIL PROTECTED]> writes:
    >>
    Eric> Sorry, I don't see what you're getting at. PwdHash is
    Eric> specified to use the domain name of the server as the hash
    Eric> salt. RFC 2818 requires that that domain name match the
    Eric> server's certificate. There's nothing additional required.
    >>  The additional thing is that the specification of pwdhash uses
    >> the same naming for servers that tls does and that as pwdhash
    >> is used, it derives the name of the server it is contacting
    >> from the same place as TLS (the URI).

    Eric> Yes, I agree that this is necessary. I don't agree that it's
    Eric> "additional". It's a basic part of any design that aims to
    Eric> preserve referential integrity, which is why TLS and PwdHash
    Eric> both do it.

OK.  It was not obvious in your definition of CRA that you meant this.



I think my major conclusion from WEA so far is that reasonably
intelligent people who have been thinking about these problems for
years still find it difficult to agree on common vocabulary.
Requirements and solutions are harder.


_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
