
Re: Repost of CompuServe Position on Passphrases

From: David P. Kemp <dpkemp@missi.ncsc.mil>
Date: Thu, 25 Jul 1996 13:23:47 -0400
Message-Id: <199607251723.NAA18178@argon.ncsc.mil>
To: ietf-tls@w3.org

> From ietf-tls-request@w3.org Thu Jul 25 06:36:35 1996
> Resent-Date: Thu, 25 Jul 1996 06:36:08 -0400
> From: Jeff Weinstein <jsw@netscape.com>

> 	2) many (most?) people reuse their passwords.

That is a good argument for requiring that users not be allowed
to choose their passwords.  Isn't that standard practice at most
web sites that use basic auth - the content provider, not the user,
picks the password?

Don't get me wrong - I believe there is not a single good thing
that can be said about static passwords. But the question here is
should the TLS protocol support strong protection for them.  As
the proposal appears to have no negative effect on the rest of
TLS, I don't see a reason for opposing the password proposal.

The fact that it's technically silly to store newspaper grocery coupons
in bank safe deposit boxes doesn't imply that banks should prohibit
their misguided customers from storing coupons or other nearly worthless
material there.
Received on Thursday, 25 July 1996 13:24:20 EDT
