- From: David W. Morris <dwm@xpasc.com>
- Date: Wed, 7 Jan 1998 18:29:38 -0800 (PST)
- To: Jim Gettys <jg@pa.dec.com>
- Cc: Paul Leach <paulle@microsoft.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, Scott Lawrence <lawrence@agranat.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Wed, 7 Jan 1998, Jim Gettys wrote:

> While I agree with both Paul and Scott on message integrity, I'd
> like to remind people that the BIG disaster on the Internet
> is password grabbing. Naive people use the same
> password for many things...
>
> At this point, anything that can help that problem is worth a lot, even
> if it has other issues...

I agree! The problem is perhaps even worse: one server rapidly increasing its deployment (MS IIS) actually requires (by default) that each user to be authenticated have a login/pw on the server. There are various ways to mitigate the risk ... but while we blame naive people for using the same password for many things, we should note that those who should know better have made the problem significantly worse by biasing the situation toward use of the same login/pw for access to the LAN file servers AND the web.

Of course, once we have hidden the password using digest, there is still no way to update the password, but one could argue that it is harder to sniff the infrequent update than the repeated authentication credential.

In any case, I believe it is critical to protect the authentication credentials not because we are securing the web transaction BUT for the reasons Jim has noted ... to prevent the use of web passwords grabbed from the net from being used to access unrelated services. Take on the data verification as a second problem. Perhaps do something about the password update issue as well... Perhaps even a variation of shttp to protect and authenticate the payload with lower implementation costs than SSL.

Dave Morris
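As an added illustration (not part of this message or any working-group text) of why the author wants credentials "hidden using digest": a Basic header carries the password itself, base64-encoded, so anyone who captures it on the wire reads it back, while a Digest response commits to the password without transmitting it and the server checks it against a stored hash. The RFC 2069-era response form (no qop/cnonce) and all credential, realm and nonce values are constructed assumptions.

```python
import base64
import hashlib

# Constructed sample values; none come from the original message.
USER, PASSWORD, REALM = "alice", "s3cret-reused-everywhere", "example.org"
METHOD, URI = "GET", "/private/report"
NONCE = "0123456789abcdef0123456789abcdef"  # constructed per-challenge server nonce


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Basic auth: the credential is merely base64-encoded, not protected."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def credential_from_basic(header: str) -> tuple:
    """What anyone holding a captured Basic header can read back directly."""
    user, password = base64.b64decode(header.split(" ", 1)[1]).decode().split(":", 1)
    return user, password


def ha1_for_store(user: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password); this is all the server needs to keep."""
    return _md5(f"{user}:{realm}:{password}")


def digest_header(user, realm, password, method, uri, nonce) -> str:
    """RFC 2069-style Digest: response = MD5(HA1:nonce:HA2). The header
    never carries the password, only a hash bound to this server's nonce."""
    ha2 = _md5(f"{method}:{uri}")
    resp = _md5(f"{ha1_for_store(user, realm, password)}:{nonce}:{ha2}")
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')


def server_verifies(header: str, stored_ha1: str, method: str, nonce: str) -> bool:
    """Server side: recompute the response from the stored HA1 and the nonce
    it issued. Rejecting an unknown or reused nonce is what limits replay of
    a captured response; the cleartext password is never on the wire."""
    fields = dict(part.strip().split("=", 1) for part in header[len("Digest "):].split(","))
    fields = {k: v.strip('"') for k, v in fields.items()}
    if fields["nonce"] != nonce:
        return False
    ha2 = _md5(f"{method}:{fields['uri']}")
    return fields["response"] == _md5(f"{stored_ha1}:{nonce}:{ha2}")
```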
Received on Wednesday, 7 January 1998 18:37:33 UTC