Re: Discussion of Mandatory TLS in HTTP/2.0

On 19 Jul 2012, at 16:32, Poul-Henning Kamp wrote:

> In message <CAMm+LwjSOYkJQPayq1btXR5iXLNqBOdgQvsQMAAwhuZSNqQCXw@mail.gmail.com>
> , Phillip Hallam-Baker writes:
> 
>> My biggest Web security concern is not the risk of passwords being
> >> intercepted on the wire, it's the fact that users have no practical
>> alternative to using the same password for the 100+ sites they use
>> that demand one.
> 
> I have a hard time seeing how that can be solved at the HTTP protocol
> level?

Though interestingly enough it can be solved at the TLS+HTTP level,
see the WebID protocol:

   http://www.w3.org/2005/Incubator/webid/spec/

which is best read with the demonstration and the explanation shown in the screencast:

   http://webid.info/

Henry

> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.
> 

Social Web Architect
http://bblfish.net/

Received on Thursday, 19 July 2012 14:52:55 UTC