Re: [saag] [websec] Fwd: [http-auth] re-call for IETF http-auth BoF from Nico Williams on 2011-06-22 (public-identity@w3.org from June 2011)

From: Nico Williams <nico@cryptonector.com>
Date: Wed, 22 Jun 2011 12:08:02 -0500
To: gogwim@unijos.edu.ng
Cc: "SHIMIZU, Kazuki" <kazubu.lepidum@gmail.com>, "public-identity@w3.org" <public-identity@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "websec@ietf.org" <websec@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <BANLkTi=bFUVDTsOeO=wKPS_mHiVOMGT9RA@mail.gmail.com>

On Wed, Jun 22, 2011 at 12:21 PM, GOGWIM, JOEL GODWIN
<gogwim@unijos.edu.ng> wrote:
> Supported.
> Weak and predictable passwords should be avoided.

If you have ZKPPs then weak passwords are OK.

Also, all passwords that users must remember should be considered weak.

Nico
--

Received on Wednesday, 22 June 2011 17:08:35 UTC