Dave Howe <[EMAIL PROTECTED]> writes:

> Ian G wrote:
>> none of the above.  Using SSL is the wrong tool
>> for the job.
> For the one task mentioned - transmitting the username/password pair
> to the server - TLS is completely appropriate.  However, hash based
> verification would seem to be more secure, require no encryption
> overhead on the channel at all, and really connections and crypto
> should be primarily P2P (and not server relayed) anyhow.

Well, it's still attractive to have channel security in order to
prevent hijacking. (Insert usual material about channel bindings 


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to