- From: David P. Kemp <dpkemp@missi.ncsc.mil>
- Date: Thu, 25 Jul 1996 13:23:47 -0400
- To: ietf-tls@w3.org
> From ietf-tls-request@w3.org Thu Jul 25 06:36:35 1996 > Resent-Date: Thu, 25 Jul 1996 06:36:08 -0400 From: Jeff Weinstein <jsw@netscape.com> > 2) many (most?) people reuse their passwords. That is a good argument for requiring that users not be allowed to choose their passwords. Isn't that standard practice at most web sites that use basic auth - the content provider, not the user, picks the password? Don't get me wrong - I believe there is not a single good thing that can be said about static passwords. But the question here is should the TLS protocol support strong protection for them. As the proposal appears to have no negative effect on the rest of TLS, I don't see a reason for opposing the password proposal. The fact that it's technically silly to store newspaper grocery coupons in bank safe deposit boxes doesn't imply that banks should prohibit their misguided customers from storing coupons or other nearly worthless material there.
Received on Thursday, 25 July 1996 13:24:20 UTC