- From: SHIMIZU, Kazuki <kazubu.lepidum@gmail.com>
- Date: Thu, 23 Jun 2011 00:23:23 +0900
- To: Marc Williams <netsequent@gmail.com>
- Cc: "http-auth@ietf.org" <http-auth@ietf.org>, "websec@ietf.org" <websec@ietf.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>
I agree. In addition, I think we should avoid not only "zero length password" but also weak passwords (e.g. 12345, qwerty, etc...). This problem may be operation policy issue, however, might be considering. 2011/6/22 Marc Williams <netsequent@gmail.com>: >>> * a method that hands over a password (or a password-equivalent) >>> * a method whose UI can be imitated by malicious sites. >>> >>> Of course there might be more items, please append. > > > > > A method which pemits zero length password authentication > > > Marc Williams > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > -- SHIMIZU, Kazuki
Received on Wednesday, 22 June 2011 20:52:45 UTC