Dave Howe <[EMAIL PROTECTED]> writes:

> Ian G wrote:
>> none of the above.  Using SSL is the wrong tool
>> for the job.
> For the one task mentioned - transmitting the username/password pair
> to the server - TLS is completely appropriate.  However, hash based
> verification would seem to be more secure, require no encryption
> overhead on the channel at all, and really connections and crypto
> should be primarily P2P (and not server relayed) anyhow.

Well, it's still attractive to have channel security in order to
prevent hijacking. (Insert usual material about channel bindings 
here...)

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to