> Jeffrey Altman wrote:
> > ...
> > I would hope that anyone interested in implementing Kerberos
> > in HTTP do so by using the TLS Kerberos cipher suites.
>
> OK, bad example. Maybe AES (Rjidahl or however you spell it :)
> then?
This is a bad example as well. The idea is not to allow additional
encryption algorithms to be used. Encryption algorithms, key exchange
algorithms, integrity protection, compression are all things that need
to be integrated into a secure transport protocol. That protocol is
TLS.
> In any case, it's an attempt to allow for more than one encryption
> protocol to be used over HTTP without requiring additional ports.
Secure transport protocols are extremely hard to get right. We
certainly do not need anything other than TLS. Anything else would be
a tremendous waste of effort.
Jeffrey Altman * Sr.Software Designer C-Kermit 7.1 Alpha available
The Kermit Project @ Columbia University includes Secure Telnet and FTP
http://www.kermit-project.org/ using Kerberos, SRP, and
[EMAIL PROTECTED] OpenSSL. SSH soon to follow.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
