Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed

To: "Tommy M. McGuire" <mcguire at crsr.net>
Subject: Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed
From: Gaurav Vaish <gaurav.vaish at gmail.com>
Date: Sat, 14 May 2005 14:25:59 +0530
Cc: ietf at ietf.org
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=g9M4slmsOKjx1aTQRT5+uqzWuOashRDS6Z1QtzHH9s1qNMryLyyCybSscNZB195/Mhxk0uTideJLZ4OsActpSbGzNssVoLa3LZZOEz9z9Ht1Wfx6VGP+BN+2XZhPVl3Gmjph75tzvPEF9xMPQwTVevoIM3HvPVMVN/MNcqLHf7A=
In-reply-to: <20050513154234.GB21745@inaccessible.crsr.net>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <198A730C2044DE4A96749D13E167AD37250279@MOU1WNEXMB04.vcorp.ad.vrsn.com> <9391da205051220566aa2ac2f@mail.gmail.com> <20050513154234.GB21745@inaccessible.crsr.net>
Reply-to: Gaurav Vaish <gaurav.vaish at gmail.com>
Sender: ietf-bounces at ietf.org

> >   btw, can you provide details of your proposal that you gave 1995?
> > And what was Dave's proposal in 1992?

> Does it?  The Auth-ID is still transmitted in the clear, exposing it to
> everything between the server and the client.  And expiration wouldn't

   See the content of Auth-ID in light of the proposal given earlier
(see above) where this ID :

1. may be encoded / encrypted (as required)
2. has an algorithm for generation - which may include IP addresses of
both the parties etc
3. obviously, has some data that is specific to the server (that does
session management). This is the private part of the ID which, again,
may be en-coded/crypted.


-- 
Cheers,
Gaurav Vaish
http://www.mastergaurav.org
http://mastergaurav.blogspot.com
--------------------------------

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- RE: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed
  - From: Hallam-Baker, Phillip
- Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed
  - From: Gaurav Vaish
- Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed
  - From: Tommy M. McGuire

Prev by Date: Re: Complaining about ADs to Nomcom (Re: Voting (again))
Next by Date: Re: Complaining about ADs to Nomcom (Re: Voting (again))
Previous by thread: Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed
Next by thread: Uneccesary slowness.
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Authentication/Session tracking question [was: HTTP/1.1Protocol: Help Needed

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.