Re: Passwords in the clear update

From: Ray Denenberg, Library of Congress <rden@loc.gov>
Date: Fri, 10 Oct 2008 13:33:03 -0400
Message-ID: <02a101c92afe$407f15a0$2caf938c@lib.loc.gov>
To: "John Kemp" <john.kemp@nokia.com>, "ext David Orchard" <orchard@pacificspirit.com>
Cc: <elharo@metalab.unc.edu>, <noah_mendelsohn@us.ibm.com>, "Jonathan Rees" <jar@creativecommons.org>, <www-tag@w3.org>

From: "John Kemp" <john.kemp@nokia.com>
> What are these legitimate reasons? Or perhaps put another way, what do
> we consider a "password" to be, if not a *secret* best shared only
> between exactly two parties and used to authenticate one party to the
> other?

Well, none of the definitions of password that I come across mentions
"exactly two parties". Which just goes to show that "Password" means
different things to different people. I think that's the primary cause of
this debate.

I recommend including a definition, right up front in the finding: "For
purposes of this finding a password is defined as ..." and craft a
definition that fits the finding.

--Ray
Received on Friday, 10 October 2008 17:34:01 GMT
