W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Discussion of Mandatory TLS in HTTP/2.0

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Thu, 19 Jul 2012 15:19:40 +0100
Message-ID: <5008177C.7050508@cs.tcd.ie>
To: Phillip Hallam-Baker <hallam@gmail.com>
CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org> 


On 07/19/2012 03:10 PM, Phillip Hallam-Baker wrote:
> 
> My biggest Web security concern is not the risk of passwords being
> intercepted on the wire, its the fact that users have no practical
> alternative to using the same password for the 100+ sites they use
> that demand one.

Mine too, though we may have different solutions in our heads.

But, that's being addressed as part of the auth stuff which is a
different thread entirely (at a far lower temperature:-)

S
Received on Thursday, 19 July 2012 14:20:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 July 2012 14:20:21 GMT