- From: Jeff Goldberg <jeff@agilebits.com>
- Date: Fri, 6 Apr 2018 14:01:56 -1000
- To: public-webappsec@w3.org
- Message-Id: <C0EB5879-259A-4C58-8EC9-A64B03E2DA06@agilebits.com>
Mike West <mkwst@google.com> wrote: > I share Brad's opinion that it would be possible to do a bit more if we have server-side cooperation, and that there's real value in creating more opportunities for that kind of cooperation. I'd sketched out an automated password-changing mechanism a while back ( > https://mikewest.github.io/change-password/), which might be a reasonable place to start the conversation for something more robust if that's something in which folks end up being interested. I completely agree that we can do more and I really want to see that. I was, indeed, thinking of your proposal when I spoke of previous attempts that were never acted on. So I would love to see (something very much like) what you propose be available as an option. But I like offering sites the ability to add the well-known file without having to change anything else they do. I believe that that is the only way we would ever get a hint of a smidgen of initial adoption. I think we can do both, but we also want something that is useful and dead easy for services to adopt. Cheers, -j –- Jeffrey Goldberg Chief Defender Against the Dark Arts @ AgileBits https://1password.com
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Monday, 9 April 2018 08:32:02 UTC