Dave Howe <[EMAIL PROTECTED]> writes: > Ian G wrote: >> none of the above. Using SSL is the wrong tool >> for the job. > For the one task mentioned - transmitting the username/password pair > to the server - TLS is completely appropriate. However, hash based > verification would seem to be more secure, require no encryption > overhead on the channel at all, and really connections and crypto > should be primarily P2P (and not server relayed) anyhow.
Well, it's still attractive to have channel security in order to prevent hijacking. (Insert usual material about channel bindings here...) -Ekr --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
