There was a paper by Li Gong at an early CCS -- '93, I think, though it might have been '94 -- on the number of messages different types of authentication protocol took. It would be a good starting point.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]