New Security Mechanism CMS is gone Turns out we need client signatures Want to allow high quality shared secrets Secur-ID Kerberos Not easy to implement New Solution TLS connection to the server STUN request for asking for OTP STUN response contains OTP Use that OTP to generate HMAC on request Server uses OTP to generate HMAC on response |