- From: Henry Story <henry.story@bblfish.net>
- Date: Thu, 19 Jul 2012 16:52:15 +0200
- To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
- Cc: Phillip Hallam-Baker <hallam@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 19 Jul 2012, at 16:32, Poul-Henning Kamp wrote:

> In message <CAMm+LwjSOYkJQPayq1btXR5iXLNqBOdgQvsQMAAwhuZSNqQCXw@mail.gmail.com>, Phillip Hallam-Baker writes:
>
>> My biggest Web security concern is not the risk of passwords being
>> intercepted on the wire, it's the fact that users have no practical
>> alternative to using the same password for the 100+ sites they use
>> that demand one.
>
> I have a hard time seeing how that can be solved at the HTTP protocol
> level?

Though interestingly enough it can be solved at the TLS+HTTP level, see the WebID protocol:

http://www.w3.org/2005/Incubator/webid/spec/

which is best read with the demonstration and the explanation shown in the screen cast

http://webid.info/

Henry

>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

Social Web Architect
http://bblfish.net/

Received on Thursday, 19 July 2012 14:52:55 UTC