You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Roy Fielding <fi...@beach.w3.org> on 1995/09/01 20:55:09 UTC
Re: secure transfer using skey
>I think the skey code is PD, so could be dropped into clients and
>servers.
>
>I must be missing something, cos this is just too simple.
As I recall, keeping the clients and server synchronized is
the problem -- skey assumes too much about the quality of the
communication link. There is a revised version of skey (with
a different name) now out as an Internet Draft, but I can't remember
the name. It might be referenced in the www-security archives.
Phill Hallam-Baker is the person here who knows about that stuff
(I avoid it like the plague, since security requires too much time
to keep up to date). Phill (hallam@w3.org) will likely
talk your ear (or fingers) off on the subject.
.....Roy