IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: additional core draft nits in need of WG attention.
Bill Sommerfeld <sommerfeld%east.sun.com@localhost> writes:
> > >10. Section 5, last paragraph. What is "implicit server
> > >authentication?" The whole paragraph is unclear.
>
> Can someone provide some fill-in text?
I think it refers to key exchange methods like the ones used in tls
and ssh1, where one party chooses the session key and encrypts it
using the other party's public RSA key. Then you must consider the
remote end unauthenticated until you have verified that she knows the
session key.
Do others share this interpretation? (I'd have to think some more
about the implications to be alble to write any precise text).
/Niels
Home |
Main Index |
Thread Index |
Old Index