From: Rich Salz <rsalz@osf.org>
Date: Wed, 1 Nov 1995 05:22:00 +0800
To: hallam@w3.org
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
Message-ID: <9510312013.AA12543@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


> Isn't this what the GSS-API is about?  Couldn't HTTP-NG just convey GSS
> "tokens", and do something about getting both sides to agree on which GSS
> "mechanism" is to be used, and on what Principals are involved?

Yes, exactly.  Of course negotiation and naming are often the harder
issues.  It is a pity that HTTP-NG seems to be inventing protocol-specific
crypto-systems, rather then designing a general one and then being its
first customer.
	/r$