
Re: [saag] [websec] Fwd: [http-auth] re-call for IETF http-auth BoF

From: Henry B. Hotz <hotz@jpl.nasa.gov>
Date: Wed, 22 Jun 2011 11:01:14 -0700
Cc: "SHIMIZU, Kazuki" <kazubu.lepidum@gmail.com>, "public-identity@w3.org" <public-identity@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "websec@ietf.org" <websec@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Message-Id: <4E484152-2FF6-4374-B8D4-DCDA0D12ABBD@jpl.nasa.gov>
To: "gogwim@unijos.edu.ng" <gogwim@unijos.edu.ng>

I can agree in principle, but in practice the definition of "weak" is too fuzzy.

On Jun 22, 2011, at 10:21 AM, GOGWIM, JOEL GODWIN wrote:

> Supported.
> Weak and predictable passwords should be avoided.
> 
> 
> On Wed, June 22, 2011 4:23 pm, SHIMIZU, Kazuki said:
>> I agree.
>> 
>> In addition, I think we should avoid not only "zero length password"
>> but also weak passwords (e.g. 12345, qwerty, etc...).
>> 
>> This problem may be an operation policy issue;
>> however, it might be worth considering.
>> 
>> 2011/6/22 Marc Williams <netsequent@gmail.com>:
>>>>> * a method that hands over a password (or a password-equivalent)
>>>>> * a method whose UI can be imitated by malicious sites.
>>>>> 
>>>>> Of course there might be more items, please append.
>>> 
>>> 
>>> 
>>> 
>>> A method which permits zero length password authentication
>>> 
>>> 
>>> Marc Williams
>>> 
>>> _______________________________________________
>>> saag mailing list
>>> saag@ietf.org
>>> https://www.ietf.org/mailman/listinfo/saag
>>> 
>> 
>> --
>> SHIMIZU, Kazuki
>> 
> 
> 

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
Received on Wednesday, 22 June 2011 20:52:43 GMT
