On Mar 30, 2009, at 11:28 AM, Plüm, Rüdiger, VF-Group wrote:
But it doesn't prevent A' that sniffed the traffic from A to B to replay.OTOH why fiddle with this auth stuff anyway. We could make it save by using TLS and client certs.
Holy freholey! And I was worried about the overhead of md5/sha1 ! :)
