On Thu Oct 21 20:08:42 2010, Alex Milowski wrote:
> Most simply, I want to be able to use something like DIGEST
> authentication to keep the shared secret from being exposed. I think
> that is a simple request that is fairly straightforward to accommodate.
> A simple hash scheme doesn't protect against replay attacks and so
> we do need the challenge in the mix somehow.

Who are you assuming, in this threat model, is doing the replay?

I think that's the core question that needs answering.

Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
JDev mailing list