From: Chris Drake [mailto:christopher@pobox.com] >> 4) Passwords belong to users, users should decide who manages them. >Good point >> It follows therefore that any site which requires a password to be >> supplied ... >Well - technically - you've made a mistake already. If passwords belong to users, then there should >never be any way for users to give passwords to sites. This comes back to the hashing problem again, >with the added annoyance of requiring universal user-agent support for something secure as well. Well that is the risk you face when you have an idea in mid-message and promote it to a heading. But your argument does not quite work. My money belongs to me but I keep it in the bank. It follows that it is reasonable for me to give my password to an identity authority acting on my behalf. I should not need to give my password to the nytimes just to read an article.Received on Thursday, 14 February 2008 19:41:55 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:15 GMT