Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> >   btw, can you provide details of your proposal that you gave 1995?
> > And what was Dave's proposal in 1992?

> Does it?  The Auth-ID is still transmitted in the clear, exposing it to
> everything between the server and the client.  And expiration wouldn't

   See the content of Auth-ID in light of the proposal given earlier
(see above) where this ID :

1. may be encoded / encrypted (as required)
2. has an algorithm for generation - which may include IP addresses of
both the parties etc
3. obviously, has some data that is specific to the server (that does
session management). This is the private part of the ID which, again,
may be en-coded/crypted.


-- 
Cheers,
Gaurav Vaish
http://www.mastergaurav.org
http://mastergaurav.blogspot.com
--------------------------------

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]