Re: New version of Passwords in the Clear

noah_mendelsohn@us.ibm.com scripsit:

> With that in hand, I think the admonitions to "not solicit" passwords in 
> the clear and not "transmit passwords in the clear" take on some teeth. 
> This definition allows us to do what I think John is asking, which is to 
> talk a bit more about basic vs. digest authentication, and to explain the 
> senses in which each is or isn't "in the clear", when transmitted using 
> ordinary HTTP over TCP vs HTTP over SSL or TLS.

That's part of my point, but not the most significant part, I think.
My other point (expressed in the blog posting) was that "in the clear"
and "secure" are endpoints in a security spectrum in which there are
good reasons for having more than no, and less than total, security.

-- 
John Cowan      cowan@ccil.org
        "Not to know The Smiths is not to know K.X.U."  --K.X.U.

Received on Tuesday, 14 November 2006 19:13:40 UTC
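
The basic vs. digest distinction discussed in this message, as an added Python example that is not part of the original email: over plain HTTP a Basic header decodes straight back to the password, while a Digest header (RFC 2617, shown here without qop) carries only a nonce-bound hash. The user name, password, realm, URI and nonces are constructed sample values.

```python
import base64
import hashlib

# Constructed sample values, not taken from the original message.
USER, PASSWORD, REALM, URI = "alice", "correct horse", "example", "/private"

def basic_header(user, password):
    """Authorization header value for HTTP Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def recover_from_basic(header):
    """Decode a Basic header; base64 is an encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def digest_header(user, realm, password, method, uri, nonce):
    """Authorization header value for HTTP Digest authentication."""
    resp = digest_response(user, realm, password, method, uri, nonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')

def password_visible(header, password):
    """True if the password can be read out of the header by decoding alone."""
    if header.startswith("Basic "):
        return recover_from_basic(header)[1] == password
    return password in header

if __name__ == "__main__":
    basic = basic_header(USER, PASSWORD)
    digest = digest_header(USER, REALM, PASSWORD, "GET", URI, "nonce-1")
    print(basic, "-> password visible:", password_visible(basic, PASSWORD))
    print(digest, "-> password visible:", password_visible(digest, PASSWORD))
```

Neither header protects the rest of the request or response; only running HTTP over SSL or TLS does that, which is why the two schemes sit at different points between "in the clear" and "secure".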