On 13-Feb-06, at 10:51 AM, Eric Rescorla wrote:
What do you mean "binary crypto code"? You've got a hash algorithm, no? At worst, you could share a pairwise secret between the MS and the HS during the initial discovery phase and use that to key a MAC. (This is of course only safe if you're doing that exchange over SSL/TLS, but that's true of your scheme too...) Anyway, I don't really find this that convincing. Java certainly comes with built-in public key functionality and there are modules for Python, Perl and PHP (it's actually a compilation flag for PHP). Yes, it's not zero effort, but it's not exactly prohibitive either.
Yes, hash algorithms are widely available on the platforms. (but even SHA-1 is not everywhere)
Public Key algorithms are not widely available on the dynamic language platforms.
Easy for Perl, Python, PHP and Ruby developers in addition to Java and .Net developers was a core goal of DIX.
_______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
