[11320] in cryptography@c2.net mail archive
An authentication question
daemon@ATHENA.MIT.EDU (Adam Fields)
Mon Aug 5 16:33:37 2002
Date: Mon, 5 Aug 2002 16:12:30 -0400
From: Adam Fields <fields@surgam.net>
To: cryptography@wasabisystems.com
If you were going to open up an interface to allow known parties to
upload files to you via web form submission, would you want to 1)
distribute passwords to them and let them sign in to a page where they
could upload the files over SSL, or 2) allow anyone to upload files
and require that authorized parties sign (and/or encrypt) the files
before uploading them, rejecting any that weren't signed with a valid
key?
Are these two scenarios equivalent from a security standpoint?
--
- Adam
-----
Adam Fields, Managing Partner, fields@surgam.net
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.
Ask about Vignette maximization: http://www.surgam.net/vignette.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
