Re: [saag] [websec] [http-auth] re-call for IETF http-auth BoF

From: Henry B. Hotz <hotz@jpl.nasa.gov>
Date: Mon, 27 Jun 2011 14:44:38 -0700
Cc: public-identity@w3.org, http-auth@ietf.org
Message-Id: <E960FA24-1A80-469B-9CA8-9E77CE6DC141@jpl.nasa.gov>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>

On Jun 13, 2011, at 9:59 PM, Peter Gutmann wrote:

> Phillip Hallam-Baker <hallam@gmail.com> writes:
> 
>> what would we want HTTP authentication to look like?
> 
> I have a suggestion for what it shouldn't look like: Any method that hands 
> over the password (or a password-equivalent like a password in hashed form) as 
> current browsers do should be banned outright, and anyone who implements 
> hand-over-the-password should be killed and eaten to prevent them from passing on 
> the genes.

+1
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
Received on Monday, 27 June 2011 21:45:15 GMT