On 09/12/2013 07:37 PM, Karl Malbrain wrote:
> I'm not an expert in TLS -- my technical background is SRP/AES. I thought
> every client already has a private key in order to negotiate with the server
> for a session key.
>
> If that's not true, then yes, authentication by the server that the
> connection is with the client directly, and not through MITM, requires each
> user to have a private key.
>
I believe Stephen is asking you to spell out details like that in an
internet-draft. I would also like to move on to other things while we
wait for that draft to appear.
thx /leif
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
