Re: [saag] [websec] Fwd: [http-auth] re-call for IETF http-auth BoF

From: SHIMIZU, Kazuki <kazubu.lepidum@gmail.com>
Date: Thu, 23 Jun 2011 00:23:23 +0900
Message-ID: <BANLkTikR9Ud5-yFzjYxu+V0vqcQCExyF4g@mail.gmail.com>
To: Marc Williams <netsequent@gmail.com>
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, "websec@ietf.org" <websec@ietf.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>

I agree.

In addition, I think we should avoid not only "zero length password"
but also weak passwords (e.g. 12345, qwerty, etc.).

This problem may be an operational policy issue;
however, it might be worth considering.

2011/6/22 Marc Williams <netsequent@gmail.com>:
>>> * a method that hands over a password (or a password-equivalent)
>>> * a method whose UI can be imitated by malicious sites.
>>>
>>> Of course there might be more items, please append.
>
> A method which permits zero length password authentication
>
>
> Marc Williams

--
SHIMIZU, Kazuki
Received on Wednesday, 22 June 2011 20:52:45 GMT