- From: Dan Connolly <connolly@w3.org>
- Date: Tue, 3 Oct 2006 13:32:56 -0500
- To: Vincent.Quint@inrialpes.fr
- Cc: www-tag@w3.org
On Oct 2, 2006, at 4:02 AM, Vincent Quint wrote: > http://www.w3.org/2001/tag/doc/passwordsInTheClear-52 I see... "While the W3C does maintain a security reference page to its work1, it has not been active in promoting security, instead allowing the market to drive improvements. " I don't agree with that; regardless, I don't see what it adds; please take it out. > Abstract: > > The purpose of this finding is to clarify the security concerns around > using passwords on the world wide web. Specifically, the objective is > to point out a few conclusions the TAG has come to; > 1) Passwords MUST NOT be transmitted in clear test. It seems to say SHOULD NOT in the body. Why the difference? ed.: s/test/text/ also... there's an IETF RFC on passwords in the clear that Ed and I found a while ago... darn; I can't find it now. -- Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Tuesday, 3 October 2006 18:33:10 UTC