- From: Jeff Goldberg <jeff@agilebits.com>
- Date: Fri, 6 Apr 2018 13:41:16 -1000
- To: public-webappsec@w3.org
- Message-Id: <5F74FE68-3081-48A0-93A8-38D488BC09B5@agilebits.com>
> Maybe we have password manager folks on the list already? Would this well-known location be useful to you? Absolutely! What I like about this particular proposal is that it places much less burden on site developers than other proposals that have been made over the years. In a sense, this is less ambitious than other schemes but has a much greater chance of success. There are two uses I foresee. 1. The obvious one is when we recommend that users change a password that we can help direct them to the right resource to do so. 2. We also have a bunch of code in place to help guess whether someone has submitted a form which is a login form, a signup form, or a password change form. Making use of the information in /.well-known/modify-credentials can give us a big hint to work into our heuristics. Cheers, -j –- Jeffrey Goldberg Chief Defender Against the Dark Arts @ AgileBits https://1password.com
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Monday, 9 April 2018 08:32:02 UTC