Re: secure transfer using skey

[Roy Fielding <fi...@beach.w3.org>]

>I think the skey code is PD, so could be dropped into clients and
>servers.
>
>I must be missing something, cos this is just too simple.

As I recall, keeping the clients and server synchronized is
the problem -- skey assumes too much about the quality of the
communication link.  There is a revised version of skey (with
a different name) now out as an Internet Draft, but I can't remember
the name.  It might be referenced in the www-security archives.

Phill Hallam-Baker is the person here who knows about that stuff
(I avoid it like the plague, since security requires too much time
to keep up to date).  Phill (hallam@w3.org) will likely
talk your ear (or fingers) off on the subject.

.....Roy