W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1999

Re: Password change via HTTP

From: David Jablon <dpj@world.std.com>
Date: Mon, 14 Jun 1999 02:27:25 -0400
Message-Id: <3.0.5.32.19990614022725.00828ae0@world.std.com>
To: "Alex Kodat" <ALEX@SIRIUS.sirius-software.com>
Cc: hallam@ai.mit.edu, http-wg@hplb.hpl.hp.com
While I'm sure this thread is off-topic for http-wg,
I agree with Alex that passwords are here to stay,
and I agree with Phillip that PKI is too.

The big question is:  How will passwords be used?

I sincerely doubt that the dominant form will be
PINs for smart cards, and I know we can do better
than simple local key files encrypted with a 
password/phrase.

For another vision of strong password + PKI systems, visit
<http://www.IntegritySciences.com>.

-- dpj


At 09:55 AM 6/13/99 EDT, Alex Kodat wrote:
>In-Reply-To:  Message of Sat, 12 Jun 1999 23:24:20 -0400 from
<hallam@ai.mit.>
>
>While I wholeheartedly agree that PKCS is *far* superior to password based
>schemes, I suspect passwords will be around for some time to come. The idea
>that every workstation out there will be equipped with smart-card readers
>and all users will be walking around with smart cards that contain their
>personal client certificate is lovely but not one I think we're likely
>to see everywhere for many years to come.
>
>Password based systems are just too easy to manage and can be trivially
>used with existing legacy systems. It's kinda like the https vs. shttp
>issue or electronic wallets vs. credit card numbers over SSL: the
>obviously superior technology is adopted slowly because the easier to
>manage technology is considered "good enough" (BTS) and has virtually
>no administrative overhead whereas the newer superior technology has
>considerable administrative overhead.
>
>Just a prediction that 10 years from now people will still be using
>passwords with we-based applications and will still be sending credit
>card numbers over SSL. If there's a way I can help our customers using
>password based systems I'd like to be able to do so.
>
>Alex Kodat
>Sirius Software
>Cambridge, MA
Received on Monday, 14 June 1999 07:26:36 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:31 EDT