- From: Ben Maurer <ben.maurer@gmail.com>
- Date: Thu, 16 Oct 2014 14:31:59 +0200
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: whatwg <whatwg@lists.whatwg.org>, Mike West <mkwst@google.com>, Sigbjørn Vik <sigbjorn@opera.com>, John Mellor <johnme@google.com>, rescator@emsai.net
Correct. For example, if you used CloudFlare to terminate your SSL traffic, this measure would prevent CloudFlare from ever seeing your passwords. The key to decrypt the password (or CC#) can be limited to the absolute minimal surface area necessary. On Thu, Oct 16, 2014 at 2:27 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Oct 16, 2014 at 2:22 PM, Ben Maurer <ben.maurer@gmail.com> wrote: > > It reduces the number of systems which are exposed > > to the password. > > You mean after the password arrives at the server? Because for > transfer we should advocate TLS. > > > -- > https://annevankesteren.nl/ >
Received on Thursday, 16 October 2014 12:32:27 UTC