- From: John Cowan <cowan@ccil.org>
- Date: Tue, 14 Nov 2006 14:13:25 -0500
- To: noah_mendelsohn@us.ibm.com
- Cc: Vincent Quint <Vincent.Quint@inrialpes.fr>, www-tag@w3.org

noah_mendelsohn@us.ibm.com scripsit:

> With that in hand, I think the admonitions to "not solicit" passwords in
> the clear and not "transmit passwords in the clear" take on some teeth.
> This definition allows us to do what I think John is asking, which is to
> talk a bit more about basic vs. digest authentication, and to explain the
> senses in which each is or isn't "in the clear", when transmitted using
> ordinary HTTP over TCP vs HTTP over SSL or TLS.

That's part of my point, but not the most significant part, I think.
My other point (expressed in the blog posting) was that "in the clear"
and "secure" are endpoints in a security spectrum in which there are
good reasons for having more than no, and less than total, security.

--
John Cowan cowan@ccil.org
"Not to know The Smiths is not to know K.X.U." --K.X.U.

Received on Tuesday, 14 November 2006 19:13:40 UTC