Balazs Scheidler wrote:
> [ discussion of using session keys to sign stuff deleted ]
Yes, you are absolutely right. If you pre-negotiate a
session key then you can use it to sign any MACs
as a way to do authentication of the correct data
and sender.
I will try to clarify the language.
> Hmm... and do we want to define a UDP based protocol having this capability?
> or we just state that in environments with this requirement TCP transport
> has to be used. I agree in the second case.
I'm not saying it makes sense to use UDP.
I'm just saying that a high level requirements
doc doesn't care if somebody else wants to.
When we get down to actual protocol design,
then we can worry about it.
--
Chris Calabrese
Internet Infrastructure and Security
Merck-Medco Managed Care, L.L.C.
[EMAIL PROTECTED]
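An added illustration, not part of the original message or of any protocol proposed in this thread: one way a pre-negotiated session key can authenticate data and sender on individual datagrams, as a UDP transport would need. The wire layout, the choice of HMAC-SHA256, the sequence counter and every name here are assumptions, and the key and log lines are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(session_key: bytes, seq: int, msg: bytes) -> bytes:
    """Sender: datagram = seq (8 bytes, big-endian) || msg || HMAC(key, seq || msg)."""
    body = struct.pack(">Q", seq) + msg
    return body + hmac.new(session_key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, session_key: bytes):
        self.key = session_key
        self.seen = set()  # sequence numbers already accepted (UDP may reorder)

    def open(self, datagram: bytes):
        """Return (seq, msg) or raise ValueError if forged, altered or replayed."""
        if len(datagram) < 8 + TAG_LEN:
            raise ValueError("truncated")
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad MAC")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq in self.seen:
            raise ValueError("replay")
        self.seen.add(seq)
        return seq, body[8:]

def demo():
    key = bytes(range(32))  # constructed key standing in for the negotiated one
    rx = Receiver(key)
    d0 = seal(key, 0, b"<34>su: auth failure for user alice")  # constructed
    d1 = seal(key, 1, b"<13>cron: job started")                # constructed
    altered = bytearray(d1)
    altered[12] ^= 0x01  # flip one bit inside the message text
    forged = seal(b"\x00" * 32, 2, b"<34>su: session opened for root")
    results = []
    for label, dgram in [("reordered", d1), ("original", d0), ("replayed", d0),
                         ("altered", bytes(altered)), ("wrong-key", forged)]:
        try:
            rx.open(dgram)
            results.append((label, "accepted"))
        except ValueError as err:
            results.append((label, str(err)))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the key is shared, the tag proves the datagram came from a holder of the session key and was not altered in transit; it does not distinguish between the two key holders.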