W3C home > Mailing lists > Public > www-tag@w3.org > October 2006

New draft TAG finding - Passwords in the Clear

From: Vincent Quint <Vincent.Quint@inrialpes.fr>
Date: Mon, 2 Oct 2006 11:02:56 +0200
To: www-tag@w3.org
Cc: Vincent.Quint@inrialpes.fr
Message-Id: <20061002110256.018e7350.Vincent.Quint@inrialpes.fr>


A new draft TAG finding is available for review and comments:

    Passwords in the Clear



The purpose of this finding is to clarify the security concerns around
using passwords on the world wide web.  Specifically, the objective is
to point out a few conclusions the TAG has come to;
1) Passwords MUST NOT be transmitted in clear test.
2) Passwords MUST NOT be displayed on the html form in clear test.
The purpose of this paper to explain these findings and give direction
around possible alternatives.

This will be discussed at the upcoming f2f meeting this week.
Comments on www-tag@w3.org are welcome.

Vincent Quint                       INRIA Rhône-Alpes
INRIA                               ZIRST
e-mail: Vincent.Quint@inria.fr      655 avenue de l'Europe
Tel.: +33 4 76 61 53 62             Montbonnot
Fax:  +33 4 76 61 52 07             38334 Saint Ismier Cedex
Received on Monday, 2 October 2006 09:03:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:13 UTC