Another entry in the internet security hall of shame....
Dave Howe
DaveHowe at gmx.co.uk
Mon Aug 29 09:08:24 EDT 2005
Peter Gutmann wrote:
> TLS-PSK fixes this problem by providing mutual authentication of client and
> server as part of the key exchange. Both sides demonstrate proof-of-
> possession of the password (without actually communicating the password), if
> either side fails to do this then the TLS handshake fails. Its only downside
> is that it isn't widely supported yet, it's only just been added to OpenSSL,
> and who knows when it'll appear in Windows/MSIE, Mozilla, Konqueror, Safari,
So, the solution to nobody using the existing (but adequate) solution is another
existing (but barely implimented and also unused) solution?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list