Peter Gutmann wrote:
TLS-PSK fixes this problem by providing mutual authentication of client and
server as part of the key exchange. Both sides demonstrate proof-of-
possession of the password (without actually communicating the password), if
either side fails to do this then the TLS handshake fails. Its only downside
is that it isn't widely supported yet, it's only just been added to OpenSSL,
and who knows when it'll appear in Windows/MSIE, Mozilla, Konqueror, Safari,
So, the solution to nobody using the existing (but adequate) solution is another
existing (but barely implimented and also unused) solution?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
