
Re: HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim?

From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Tue, 05 Jan 2010 17:33:21 +0900
To: Daniel Stenberg <daniel@haxx.se>
Cc: public-web-security@w3.org
Message-ID: <87d41p7xym.fsf@bluewind.rcis.aist.go.jp>

Dear Daniel,

Daniel Stenberg <daniel@haxx.se> writes:

> means which is beyond the scope of this protocol but still I think the
> way that is written is slightly misleading.

You're correct, and as you might guess the phrase is for
phishing-like attacks.  We still need TLS against eavesdropping.

# In our scheme, the passwords themselves are safe even with eavesdropping,
# but we don't claim that it's enough for security.

I will seek a better and clearer phrase in the next draft.

Thank you very much,

Yutaka OIWA, Ph.D.                                       Research Scientist
                            Research Center for Information Security (RCIS)
    National Institute of Advanced Industrial Science and Technology (AIST)
                      Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]
Received on Tuesday, 5 January 2010 08:33:57 UTC
