Re: Passwords in the Clear

From: John Cowan <cowan@ccil.org>
Date: Wed, 13 Dec 2006 09:17:09 -0500
To: Alastair.Green@barclayscapital.com
Cc: www-tag@w3.org, alastair.green@choreology.com
Message-ID: <20061213141709.GH8875@ccil.org>

Alastair.Green@barclayscapital.com scripsit:

> Contrariwise, a ukase against passwords in the clear seems appropriate
> because a) it's a gross and inarguable security violation, and b)
> everyone has the equipment to implement the solution, even when using
> free software. Cost = 0, benefit > 0 => no-brainer.

I continue to disagree.  Sometimes passwords in the clear provide
just enough security to be useful without being intrusive, in which
case the benefit of stronger security = 0.  And the cost of HTTPS is
still greater than zero: server operators must either pay for
certificates or use self-certification and deal with nervous
customers who worry about unknown-certifier popups in their browsers,
though typical certificates are about as reliable as self-certificates,
that is to say, not at all.

-- 
Even the best of friends cannot                 John Cowan
attend each others' funeral.                    cowan@ccil.org
        --Kehlog Albran, The Profit             http://www.ccil.org/~cowan
Received on Wednesday, 13 December 2006 14:17:19 GMT
