[cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 13 23:22:07 EDT 2011


Jeffrey Walton <noloader at gmail.com> writes:

>I was also talking with a fellow who told me NSS is owned by Red Hat. While
>NSS is open source, the validated module is proprietary. I don't use NSS (and
>have no need to interop with the library), so I never looked into the
>relationship.

The person that I quoted in my message is effectively Mr.NSS.  I'd say his
statement is fairly authoritative (and final): There will be no proper mutual-
auth or pasword-auth in NSS.

Peter.



More information about the cryptography mailing list