W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2008

Re: delegation and passwordsInTheClear-52

From: James A. Donald <jamesd@echeque.com>
Date: Sat, 28 Jun 2008 22:55:55 +1000
Message-ID: <486634DB.2050308@echeque.com>
To: Chris Drake <christopher@pobox.com>
CC: "Doyle, Bill" <wdoyle@mitre.org>, Dan Connolly <connolly@w3.org>, www-tag <www-tag@w3.org>, public-usable-authentication@w3.org 

Chris Drake wrote:
> Most "scenarios" are request-response (eg: HTTP or SMTP etc).  You
> cannot trivially engineer password protection over this architecture.
> Ask one of your cryptographers to explain "why" to you.

Poor UI and security design decisions made long, long ago, and 
thoroughly built into today's architecture.

Can be changed, should be changed.  Hard to change.
Received on Saturday, 28 June 2008 12:56:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:15 GMT