Re: Authentication issue CNONCE: Proposed resolution

Scott Lawrence (lawrence@agranat.com)
Fri, 07 Aug 1998 17:38:56 +0000


Paul Leach wrote:
> 
> This is a MUST on the client in order for it to ensure its own 
> security, not in order to interoperate. It imposes no burden on 
> servers.
> 
> In order to be safe, it is indeed true that the client should never 
> send the same value, even to different servers. If a server can 
> predict what the client will send, then we're back in 
> chosen-plaintext-attack land.
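
Added example, not part of the original message: a Python sketch of the client-side rule quoted above, in which every request gets a cnonce that is fresh and unpredictable, even across different servers. It assumes the `qop=auth` response computation as later published in RFC 2617 (the message itself does not quote the formula); the function names are hypothetical and the sample credentials are the RFC's published test vector.

```python
import hashlib
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def server_visible_input(nonce, nc, cnonce, qop, method, uri):
    """Everything hashed after H(A1). The server picks `nonce`; if it can also
    predict `cnonce`, it knows this whole string before the client answers."""
    return f"{nonce}:{nc}:{cnonce}:{qop}:{md5_hex(f'{method}:{uri}')}"


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth"):
    """request-digest for qop=auth, assumed to follow RFC 2617 section 3.2.2.1."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    tail = server_visible_input(nonce, nc, cnonce, qop, method, uri)
    return md5_hex(f"{ha1}:{tail}")


class CnonceSource:
    """Issues cnonce values from the OS CSPRNG and never hands out the same
    value twice in this process, regardless of which server it is for."""

    def __init__(self, nbytes=16):
        self._nbytes = nbytes
        self._issued = set()

    def next(self):
        while True:
            value = secrets.token_hex(self._nbytes)
            if value not in self._issued:  # collision is vanishingly unlikely
                self._issued.add(value)
                return value


# RFC 2617 sample exchange (published test vector, not real credentials).
RFC_VECTOR = dict(username="Mufasa", realm="testrealm@host.com",
                  password="Circle Of Life", method="GET",
                  uri="/dir/index.html",
                  nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", nc="00000001")

if __name__ == "__main__":
    source = CnonceSource()
    for _ in range(2):  # same server nonce, different response each time
        print(digest_response(cnonce=source.next(), **RFC_VECTOR))
```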