noah_mendelsohn@us.ibm.com scripsit:

> With that in hand, I think the admonitions to "not solicit" passwords in
> the clear and not "transmit passwords in the clear" take on some teeth.
> This definition allows us to do what I think John is asking, which is to
> talk a bit more about basic vs. digest authentication, and to explain the
> senses in which each is or isn't "in the clear", when transmitted using
> ordinary HTTP over TCP vs HTTP over SSL or TLS.

That's part of my point, but not the most significant part, I think.
My other point (expressed in the blog posting) was that "in the clear" and "secure" are endpoints in a security spectrum in which there are good reasons for having more than no, and less than total, security.

--
John Cowan cowan@ccil.org
"Not to know The Smiths is not to know K.X.U." --K.X.U.

Received on Tuesday, 14 November 2006 19:13:40 GMT