Markus Friedl wrote:
On Tue, Aug 26, 2003 at 11:42:52PM -0400, Joel N. Weber II wrote:I dislike the partial authentication approach. I believe it adds significant complexity to an implementation.I agree, not only because of the implementation complexity. I don't see a reason why this sould be considered a 'partial authentication'. Why not treat this as two different methods and phase out the non-mic version instead of keeping the less secure version around forever?
Agreed. Abusing partial authentication to fix up a shortcoming in an draft auth method is a kludge to fix a mistake, no other auth method does (or should) work that way. I agree with Markus' suggested solution too.
-d