- From: Henry B. Hotz <hotz@jpl.nasa.gov>
- Date: Wed, 22 Jun 2011 11:01:14 -0700
- To: "gogwim@unijos.edu.ng" <gogwim@unijos.edu.ng>
- Cc: "SHIMIZU, Kazuki" <kazubu.lepidum@gmail.com>, "public-identity@w3.org" <public-identity@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "websec@ietf.org" <websec@ietf.org>, "saag@ietf.org" <saag@ietf.org>
I can agree in principle, but in practice the definition of "weak" is too fuzzy. On Jun 22, 2011, at 10:21 AM, GOGWIM, JOEL GODWIN wrote: > Supported. > Weak and predictable passwords should be avoided. > > > On Wed, June 22, 2011 4:23 pm, SHIMIZU, Kazuki said: >> I agree. >> >> In addition, I think we should avoid not only "zero length password" >> but also weak passwords (e.g. 12345, qwerty, etc...). >> >> This problem may be operation policy issue, >> however, might be considering. >> >> 2011/6/22 Marc Williams <netsequent@gmail.com>: >>>>> * a method that hands over a password (or a password-equivalent) >>>>> * a method whose UI can be imitated by malicious sites. >>>>> >>>>> Of course there might be more items, please append. >>> >>> >>> >>> >>> A method which pemits zero length password authentication >>> >>> >>> Marc Williams >>> >>> _______________________________________________ >>> saag mailing list >>> saag@ietf.org >>> https://www.ietf.org/mailman/listinfo/saag >>> >> >> -- >> SHIMIZU, Kazuki >> _______________________________________________ >> saag mailing list >> saag@ietf.org >> https://www.ietf.org/mailman/listinfo/saag >> > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
Received on Wednesday, 22 June 2011 20:52:43 UTC