[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Keyed-MD5, ITAR, and HTTP-NG
> Isn't this what the GSS-API is about? Couldn't HTTP-NG just convey GSS
> "tokens", and do something about getting both sides to agree on which GSS
> "mechanism" is to be used, and on what Principals are involved?
Yes, exactly. Of course negotiation and naming are often the harder
issues. It is a pity that HTTP-NG seems to be inventing protocol-specific
crypto-systems, rather then designing a general one and then being its