- From: Chris Drake <christopher@pobox.com>
- Date: Wed, 20 Jun 2007 00:54:27 +1000
- To: public-usable-authentication@w3.org
Hi,
I present just one review comment - the exclusive nature of the scope
renders much of the rest of the document largely pointless.
Victims care about not becoming victims. They're not interested in
only avoiding becoming a victim in a predefined narrow set of
circumstances. They just want to be safe.
It *should* be the simple goal of any WSC draft to propose genuine
usable solutions that protect potential victims in as many hostile
situations as possible.
Good: Follow these recommendations, and your users will be safe.
Bad: Follow these recommendations, and attackers will adjust to
taking advantage of your users using slightly different
techniques to before.
There are a lot of experts and smart people on this list. While I
sympathize with the enormity of the task involved in correcting the
goals and scope of this document, I think it's well worth while, since
this is the last time you'll be able to seriously access these
professionals and their experience in order to produce a work that
could do some serious good to the world.
Kind Regards,
Chris Drake
Received on Tuesday, 19 June 2007 14:54:46 UTC