- From: James A. Donald <jamesd@echeque.com>
- Date: Sat, 28 Jun 2008 22:36:17 +1000
- To: Chris Drake <christopher@pobox.com>
- CC: "Doyle, Bill" <wdoyle@mitre.org>, Dan Connolly <connolly@w3.org>, www-tag <www-tag@w3.org>, public-usable-authentication@w3.org
Chris Drake wrote:

> Hi Bill,
>
> I think we've got some crossed wires. The statement was not about
> applications, nor tools. It pertained to "Every scenario that
> involves possibly transmitting passwords in the clear" - but more to
> the point - this whole topic is relating to web/internet technologies.
>
> You do not have the luxury of being able to design "both ends". You
> can either code on the serverside, if you develop sites, or code on
> the client site, if you develop browsers.
>
> Excluding SSL - it is NOT trivially possible to avoid transmitting
> cleartext (or dictionary-attackable equivalent) passwords in "Every
> scenario" - nor even in the overwhelming majority of any likely
> real-life scenario you can imagine.

Browser insecure, so have to redesign both ends. Cannot have security when interface for managing secrets is put up by a possibly hostile web page. That was bad design, way back at the beginning. User Interface for logging on, managing state of being logged, and providing shared secrets has to be in browser, not web page.
Received on Saturday, 28 June 2008 12:37:06 UTC