W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: [websec] [kitten] [saag] HTTP authentication: the next generation

From: David Morris <dwm@xpasc.com>
Date: Thu, 6 Jan 2011 08:03:54 -0800 (PST)
cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, websec <websec@ietf.org>, "kitten@ietf.org" <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.64.1101060802120.6107@egate.xpasc.com>


On Thu, 6 Jan 2011, Ben Laurie wrote:

> The answer to this problem is hard, since it brings us back to taking the UI
> out of the sites hands.

Which is only helpful if you can somehow gaurantee that the user agent 
software hasn't been compromised. Not something I'd bet on...
Received on Thursday, 6 January 2011 16:05:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:36 GMT