Hashing algorithm needed
Ben Laurie
ben at links.org
Wed Sep 15 06:10:16 EDT 2010
On 15/09/2010 00:26, Nicolas Williams wrote:
> On Tue, Sep 14, 2010 at 03:16:18PM -0500, Marsh Ray wrote:
>> How do you deliver Javascript to the browser securely in the first
>> place? HTTP?
>
> I'll note that Ben's proposal is in the same category as mine (which
> was, to remind you, implement SCRAM in JavaScript and use that, with
> channel binding using tls-server-end-point CB type).
>
> It's in the same category because it has the same flaw, which I'd
> pointed out earlier: if the JS is delivered by "normal" means (i.e., by
> the server), then the script can't be used to authenticate the server.
That's one of the reasons I said it was only good for experimenation.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list