Re: New version of Passwords in the Clear from John Cowan on 2006-11-14 (www-tag@w3.org from November 2006)

From: John Cowan <cowan@ccil.org>
Date: Tue, 14 Nov 2006 09:02:27 -0500
To: Vincent Quint <Vincent.Quint@inrialpes.fr>
Cc: www-tag@w3.org
Message-ID: <20061114140227.GF4154@ccil.org>

Vincent Quint scripsit:

> Thanks to Ed, a new version of the draft finding "Passwords in the Clear"
> is available at:
> 
>    http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20061113.html
>    http://www.w3.org/2001/tag/doc/passwordsInTheClear-52

This draft mentions HTTP basic authentication only obliquely; it should
make it clear that using it is an instance of passwords-in-the-clear.

IMHO the draft is too strongly worded; there are cases where simple
password protection is ample.  Please see
http://recycledknowledge.blogspot.com/2005/08/on-not-using-more-security-than-you.html
for my views on the subject.

-- 
You let them out again, Old Man Willow!                 John Cowan
What you be a-thinking of?  You should not be waking!   cowan@ccil.org
Eat earth!  Dig deep!  Drink water!  Go to sleep!
Bombadil is talking.                                    http://ccil.org/~cowan

Received on Tuesday, 14 November 2006 14:02:43 UTC