- From: <Alastair.Green@barclayscapital.com>
- Date: Thu, 14 Dec 2006 16:07:29 -0000
- To: <cowan@ccil.org>
- Cc: <www-tag@w3.org>, <alastair.green@choreology.com>
The security of data in motion derived from SSL is what allows you to use Basic Auth (transmit a password "in the clear"). So, if you combine the two, then we get encrypted transmission of a shared secret that enables both sides to establish a reasonable level of trust. That was the point of mentioning protecting data in transmission: we need to protect the password.

What you do with the data thereafter is your choice, tho' I doubt you're going to flip back to HTTP-no-S to move the credit card details. You've now got a trusted, encrypted pipe. And only one side needed a certificate.

It's not perfect, but it works. It works so well that Digest Auth never got off the ground, as far as I can tell.

Which, I guess, is another way of saying that I agree with you that Basic Auth in the clear can be just fine so long as the value of the data and of the interaction is very low, and I think it would be fine to say that with a "caveat emptor" in something like the TAG document. There is no harm in encouraging people to consider the trade-offs (do the threat analysis), and I agree with your emphasis on that. I am not a fan of security technology for security technology's sake.

However, in my view the central answer to the question "should passwords go in the clear" is "No". There are outlier cases, but they are not the place to start.

Alastair

-----Original Message-----
From: John Cowan [mailto:cowan@ccil.org]
Sent: 14 December 2006 15:42
To: Green, Alastair: IT (LDN)
Cc: www-tag@w3.org; alastair.green@choreology.com
Subject: Re: Passwords in the Clear

Alastair.Green@barclayscapital.com scripsit:

> Certificates don't give you high protection from fraudulent endpoints,
> I agree, but they give some, and they do give you protection from
> observation of data in motion.

Protecting data in transmission is a very different point from protecting passwords. If you need the former, you might as well have the latter. I understand the issue here to be one in which secure data is not a requirement but secure access supposedly is.

-- 
Is a chair finely made tragic or comic? Is the          John Cowan
portrait of Mona Lisa good if I desire to see           cowan@ccil.org
it? Is the bust of Sir Philip Crampton lyrical,         http://ccil.org/~cowan
epical or dramatic? If a man hacking in fury at
a block of wood make there an image of a cow,
is that image a work of art? If not, why not?
                --Stephen Dedalus
Received on Thursday, 14 December 2006 16:07:49 UTC
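The point Alastair makes above, that Basic Auth is a password "in the clear" unless SSL carries it, shown as an added Python example that is not part of this mailing-list thread. It decodes a Basic header to show the credential is only base64-encoded, and sketches a server-side policy that refuses Basic credentials arriving over plain HTTP and only issues a Basic challenge over HTTPS. The function names (`decode_basic_authorization`, `basic_auth_policy`, `redact_authorization`) and the request values are assumptions constructed for illustration, not any real server's API.

```python
import base64
import binascii

# Added example, not part of the mailing-list thread. Function names and
# the request values used below are constructed for illustration.


def encode_basic(user, password):
    """Build an 'Authorization: Basic ...' value as a client would (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_authorization(header_value):
    """Recover (user, password) from a Basic header, or None if malformed.

    Base64 is an encoding, not encryption: anyone who sees the header on the
    wire can do exactly this. Only the transport (TLS) keeps it private.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError):  # bad base64 or not UTF-8
        return None
    user, sep, password = text.partition(":")  # user-id may not contain ':'
    if not sep:
        return None
    return user, password


def basic_auth_policy(scheme, host, path, headers, realm="app"):
    """Decide how to treat a request that carries (or lacks) Basic credentials.

    Returns (status, reason, response_headers). The rule the thread argues
    for: a password may travel in Basic Auth only inside the encrypted pipe.
    """
    over_tls = scheme.lower() == "https"
    auth = headers.get("Authorization")
    creds = decode_basic_authorization(auth) if auth is not None else None

    if auth is not None and creds is None:
        return 400, "malformed Authorization header", {}
    if creds is not None and not over_tls:
        # The password has already crossed the network unprotected. Do not
        # verify it (the 200-vs-401 response would tell an on-path observer
        # whether the captured password is valid); log it as a credential
        # exposure so the password can be rotated.
        return 403, "Basic credentials over cleartext HTTP are not accepted", {}
    if creds is None and not over_tls:
        # Never send a Basic challenge over HTTP: that invites the client to
        # answer in the clear. Move the client to HTTPS first.
        return 301, "redirect to https before challenging", {
            "Location": f"https://{host}{path}"}
    if creds is None:
        return 401, "credentials required", {
            "WWW-Authenticate": f'Basic realm="{realm}", charset="UTF-8"'}
    user, _ = creds
    return 200, f"verify credentials for {user!r} against the password store", {}


def redact_authorization(headers):
    """Copy of a header dict that is safe to log: the password never lands in a log."""
    safe = dict(headers)
    auth = safe.get("Authorization")
    if auth is not None:
        creds = decode_basic_authorization(auth)
        safe["Authorization"] = (
            f"Basic <redacted user={creds[0]!r}>" if creds else "<redacted>")
    return safe


if __name__ == "__main__":
    # Constructed requests: same credential, cleartext vs. encrypted transport.
    hdrs = {"Host": "shop.example", "Authorization": encode_basic("alice", "s3cret")}
    print("on the wire:", decode_basic_authorization(hdrs["Authorization"]))
    print("over http: ", basic_auth_policy("http", "shop.example", "/checkout", hdrs))
    print("over https:", basic_auth_policy("https", "shop.example", "/checkout", hdrs))
    print("for logs:  ", redact_authorization(hdrs))
```

The decoder uses the RFC 7617 example credential (`Aladdin` / `open sesame`) in its test; the policy function deliberately returns 403 rather than 401 for Basic credentials on plain HTTP, because a 401 with a `WWW-Authenticate: Basic` challenge would ask the client to resend the password in the clear.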