With the introduction of tcpcrypt to handle channel encryption, we have the opportunity to define a new standard PKI "authentication" layer. This would leave user authentication via account & password as it is now at the application layer, while authenticating for ALL applications the user via his public/private key pair. The authentication layer should not use certificate signing.
Karl Malbrain
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
