Simon Josefsson wrote:
> Should we suggest that passwords are sent over the wire at all? In good
> systems that should be the exception.
It is widely deployed today with TTLS. I think that allowing this
practice to continue is a requirement.
> 1) Usernames. Should be sent over the wire as-is
Alan DeKok writes:
> Simon Josefsson wrote:
>> Should we suggest that passwords are sent over the wire at all? In good
>> systems that should be the exception.
>
> It is widely deployed today with TTLS. I think that allowing this
> practice to continue is a requirement.
I agree, but that doe
Simon Josefsson wrote:
>> It is widely deployed today with TTLS. I think that allowing this
>> practice to continue is a requirement.
>
> I agree, but that does not necessarily mean that
> passwords-sent-over-the-wire and passwords-sent-hashed must have the
> same internationalization treatment
Alan DeKok writes:
> Simon Josefsson wrote:
>>> It is widely deployed today with TTLS. I think that allowing this
>>> practice to continue is a requirement.
>>
>> I agree, but that does not necessarily mean that
>> passwords-sent-over-the-wire and passwords-sent-hashed must have the
>> same i
