[OpenID] Using EAP-TLS as a bearer for OpenID
Peter Williams
pwilliams at rapattoni.com
Sun Oct 5 04:05:32 UTC 2008
http://www.ietf.org/rfc/rfc2716.txt
anyone interesting in cooperating on an EAP-TLS/PPP bearer experiment, communicating OpenID2 Auth?
The intent of the project would be to exploit careful design and use of the TLS dandshake components, when handling multiple sessions and session resumes. Not for the faint of heart; should already understand the design of the SSL handshake, the SSL record layer, the crypto session hijacking countermeasures, the difference between SSLv2 and SSLv3 regarding trusted session offloading/caching, etc. Familiarity with PPP fragmentation and SSL fragmentation/pipeline handling and model for hardware acceleration would be an asset.
More information about the general
mailing list