From owner-ssh@clinet.fi  Wed Feb 10 01:35:44 1999
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7]) by hutcs.cs.hut.fi (8.8.8/8.8.8) with ESMTP id BAA21619; Wed, 10 Feb 1999 01:35:43 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id BAA16459
	for ssh-outgoing; Wed, 10 Feb 1999 01:21:25 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ssh@clinet.fi using -f
Received: from pompano.pcola.gulf.net (root@gulf.net [198.69.72.14])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id BAA16447;
	Wed, 10 Feb 1999 01:21:22 +0200 (EET)
Received: from whgiii (minke42.pcola.gulf.net [205.160.71.57])
	by pompano.pcola.gulf.net (8.9.1a/8.9.1) with SMTP id RAA12242;
	Tue, 9 Feb 1999 17:18:59 -0600 (CST)
Received: from 100.100.100.1 by whgiii (IBM OS/2 SENDMAIL VERSION 2.03/2.0) id RAA016.05; Tue, 9 Feb 1999 17:32:10 -0500
Message-Id: <199902092232.RAA016.05@whgiii>
From: "William H. Geiger III" <whgiii@invweb.net>
Date: Tue, 09 Feb 1999 17:30:41 -0500
To: Chris Newman <chris@INNOSOFT.COM>
In-Reply-To: <Pine.SOL.3.95.990209095339.3616A-100000@elwood.innosoft.com>
Cc: Martin Forssen <maf@firedoor.se>, ssh@clinet.fi, ietf-ssh@clinet.fi
Subject: Re: Generic challenge-repsonse aunetication in ssh2
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v1.52 b52 
Sender: owner-ssh@clinet.fi
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In <Pine.SOL.3.95.990209095339.3616A-100000@elwood.innosoft.com>, on
02/09/99 
   at 09:57 AM, Chris Newman <chris@INNOSOFT.COM> said:

>On Mon, 8 Feb 1999, Martin Forssen wrote:
>> I am not really sure that is a good idea since the conditions are quite
>> different. The draft mentioned above is quite concerned with protecting
>> the authentication data while on the wire whereas in ssh we already have a
>> secure channel when authenticating.

>Fair enough.  I didn't say it should be identical, but it'd be a lot
>better if whatever mechanism is used in SSH can share the same format for
>the predigested password verifiers on the server end.  FYI, there appears
>to be a good chance that DIGEST-MD5 will have OS support in Windows 2000.
>It's certainly nice to be able to use the OS password services rather
>than rolling your own.

Nothing personal but with M$'s track record when it comes to security the
last thing I would want to use it one of their OS's password services.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
- ---------------------------------------------------------------
 
Tag-O-Matic: He who laughs last uses OS/2.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i OS/2 for non-commercial use
Comment: Registered_User_E-Secure_v1.1b1_ES000000
Charset: cp850

wj8DBQE2wKlYlHpjA6A1ypsRAhmhAKCbKRCos3EEon31lbcDo3N3SLGBtACbBLD7
WPQM0fUMdVj8RRm9vYxVh6U=
=C9gC
-----END PGP SIGNATURE-----