draft-josefsson-password-auth-00.txt
Martin Rex
Martin.Rex at sap.com
Fri Mar 30 00:11:16 CEST 2007
Nicolas Williams wrote:
>
> A target name is needed so the acceptor's verifier can be a weak
> password equivalent (meaning it's a password equivalent only for
> authenticating to the same acceptor). Therefore it's useful to
> have a target name even when mutual auth is not requested.
>
> A target name is required for mutual auth, of course.

To me that seems to be slightly inappropriate terminology.

Which particular challenge-response scheme do you have in mind
where the server actually performs a mutual authentication,
i.e. provides a cryptographic proof of his identity?

If the client derives the target name from the network endpoint
address (i.e. fqdn-hostname plus service/tcp-port-no) and
the server simply "asserts" this name, then this is really
a channel binding based on a printable name instead of
the low-level network address, but still a channel binding and
not an authentication.

-Martin