[Fed-Talk] CAC protocol question
[Fed-Talk] CAC protocol question
- Subject: [Fed-Talk] CAC protocol question
- From: Todd Heberlein <email@hidden>
- Date: Sun, 25 Jan 2009 19:37:25 -0800
When someone uses CAC to authenticate to a server (say a web server),
are all the packets encrypted, signed, both, or neither?
I remember years ago people would use one-time passwords to
authenticate to a system (e.g., to telnet in), but because the
connection data/packets were never signed (or encrypted) it was easy
to hijack a connection *after* the user authenticated himself. I am
curious if CAC addresses this at all.
Thanks,
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden