Re: Passwords in the Clear scripsit:

> Contrariwise,  a ukase against passwords in the clear seems appropriate
> because a) it's a gross and inarguable security violation, and b)
> everyone has the equipment to implement the solution, even when using
> free software. Cost = 0, benefit > 0 => no-brainer.

I continue to disagree.  Sometimes passwords in the clear provide
just enough security to be useful without being intrusive, in which
case the benefit of stronger security = 0.  And the cost of HTTPS is
still greater than zero: server operators must either pay for
certificates or use self-certification and deal with nervous
customers who worry about unknown-certifier popups in their browsers,
though typical certificates are about as reliable as self-certificates,
that is to say, not at all.

Even the best of friends cannot                 John Cowan
attend each others' funeral.          
        --Kehlog Albran, The Profit   

Received on Wednesday, 13 December 2006 14:17:19 UTC