- From: Elliotte Harold <elharo@metalab.unc.edu>
- Date: Fri, 10 Oct 2008 04:27:00 -0700
- To: "Ray Denenberg, Library of Congress" <rden@loc.gov>
- Cc: noah_mendelsohn@us.ibm.com, Jonathan Rees <jar@creativecommons.org>, David Orchard <orchard@pacificspirit.com>, www-tag@w3.org
Ray Denenberg, Library of Congress wrote:

> I haven't been a part of this discussion, but I have to weigh in: I just
> think this is simply not true and to assert that it is seems misleading.
> Clearly, *clearly*, there are cases where you have to send a password in the
> clear and there isn't any way around it. The example that comes to mind is
> when the service tells you what password to use, and everyone uses that
> password. The password might be "password". (The service doesn't care that
> everyone in the world can access it, but it is configured to require a
> password.) The argument that, well, you (the client) might then use that
> same password for some other application (where *you* have to coin the
> password, rather than use one that the service tells you to use), does that
> really make sense in this case?

The example that comes to mind is in the early days of the web when Comedy Central's website required the login "sweetie" and the password "darling", a fact which they advertised in the clear on TV at every commercial break. However, as others have pointed out, this really isn't a password at all in anything but name.

--
Elliotte Rusty Harold elharo@metalab.unc.edu
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA

Received on Friday, 10 October 2008 11:27:39 UTC