Hi Gert,

There are a lot of different use-cases for this standard mechanism and I am really thinking about a better explanation in general. I think that some real example will help a lot, but it requires a lot of client+server code of different protocols (so many of do this and that).

When you have an authenticated VPN, then you don't need, for example, to discomfort users with username/password in protocols on top of the VPN (Kerberos, HTTP(s), ...) and you can automatically authenticate "(SSO)" these layers using this exported keying material [RFC-5705]. It is actually a well-defined mechanism for "crypto/authentication" plugin developers and they should know what they are doing.

Maybe let's try to discuss that using IRC.

Daniel

On 6 March 2015 at 19:45, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Mon, Mar 02, 2015 at 01:03:38AM +0100, daniel kubec wrote:
>> Added 2 patches related to [RFC-5705] (code + docs).
>
> Thanks. TBH, this is all very nice and dandy, but it still doesn't
> make much sense to me...
>
> Some more real-worldish specific examples ("do *this* and *that*, and then
> this mechanism helps you to achieve *this* goal!") instead of links to
> very theoretic documents was more what I had in mind.
>
> The text itself is not bad, but it's still way too crypto-self-centric -
> if you can explain this to someone who doesn't know crypto but wants to
> use that feature for something cool, then you've achieved the goal.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany g...@greenie.muc.de
> fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
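
An added example, not part of the original thread or of the OpenVPN patches: a sketch of the SSO idea discussed above, in which both VPN endpoints run the RFC 5705 exporter over the same TLS session and a protocol on top proves possession of the result instead of asking for a password. It assumes a TLS 1.2 session with the SHA-256 PRF; the session secrets are constructed random values, and the label `EXPERIMENTAL-sso-demo`, the `sso_response` function and the challenge-response step are hypothetical.

```python
import hashlib
import hmac
import os
import struct


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def export_keying_material(master_secret: bytes, client_random: bytes,
                           server_random: bytes, label: bytes,
                           length: int, context: bytes = None) -> bytes:
    """RFC 5705 section 4 exporter for a TLS 1.2 session."""
    seed = client_random + server_random
    if context is not None:
        # An empty context is still length-prefixed, so it differs from "no context".
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, label + seed, length)


def sso_response(ekm: bytes, challenge: bytes) -> bytes:
    """Hypothetical upper-layer proof: MAC the server's challenge with the EKM."""
    return hmac.new(ekm, challenge, hashlib.sha256).digest()


def demo() -> bool:
    # Constructed session values; in a real deployment the TLS stack holds these
    # and only the exported bytes are handed to the plugin.
    master_secret = os.urandom(48)
    client_random, server_random = os.urandom(32), os.urandom(32)
    label = b"EXPERIMENTAL-sso-demo"   # private-use label prefix per RFC 5705

    # Each endpoint derives the key from its own copy of the session secrets.
    client_ekm = export_keying_material(master_secret, client_random, server_random, label, 32)
    server_ekm = export_keying_material(master_secret, client_random, server_random, label, 32)

    # The service behind the VPN sends a fresh challenge; no password is involved.
    challenge = os.urandom(16)
    proof = sso_response(client_ekm, challenge)
    return hmac.compare_digest(proof, sso_response(server_ekm, challenge))
```

Because the label is mixed into the derivation, each consumer of the exporter gets a key that is independent of the VPN's own traffic keys and of keys exported under other labels.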