draft-josefsson-password-auth-00.txt
Nicolas Williams
Nicolas.Williams at sun.com
Thu Mar 29 18:28:40 CEST 2007
A very general password-based challenge-response mechanism that provides
optional channel binding and optional mutual authentication in one, one
and a half and two round-trips should be feasible:
- w/ unique channel bindings -> 1 rt
- w/o unique channel bindings + uni-dir authen -> 1 and 1/2 rt
- w/o unique channel bindings + mutual auth -> 2 rt
Mutual authentication would work the acceptor name into the PBKDF
inputs. Uni-directional authentication would not work the acceptor name
into the PBKDF (only if no acceptor name was given? or always).
I.e., we could merge YAP and the other proposals into one generic
mechanism.
Nico
--
More information about the Password-auth
mailing list