[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Use-cases and requirements - observations
At 01:06 PM 7/8/2003 -0400, Rich Salz wrote: > > leave the driving to us. > >For example, make an SSL connection to the server. If the DN in the >hostname matches the server you're talking to, just trust everything it >says. > >I believe that's the most feasible server-authentication model. No >surprise, it's the standard SSL authentication model. probably OT, but things like SRP give a pretty good server-authentication model too. Particularly if one rationale for DSS is avoiding PKI complexities. And modulo patent issues, of course, which are still a little murky: http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-05.txt Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]