- From: David Orchard <dorchard@bea.com>
- Date: Wed, 27 Jun 2007 09:53:44 -0700
- To: "John Cowan" <cowan@ccil.org>, "Williams, Stuart (HP Labs, Bristol)" <skw@hp.com>
- Cc: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, <www-tag@w3.org>, "Rice, Ed (ProCurve)" <ed.rice@hp.com>
I think it would be hard for a browser to tell the difference between low-security and non-low-security sites. So trying to have the browser do something for the non-low-security sites and avoid prompting on low-security seems impossible. I think that the people that don't want to be prompted and know that the site is low security is in a very small majority of the users of the web. I'd really like to still have the reliable basis to advise that UA's detect weakly protected password transfers. This would help any of the users of the non-low-security sites and perhaps prompt them to raise their security. Who knows, maybe also the low-security sites would raise their security level to avoid the UA's advising about their password transfers. Cheers, Dave > -----Original Message----- > From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] > On Behalf Of John Cowan > Sent: Wednesday, June 27, 2007 9:47 AM > To: Williams, Stuart (HP Labs, Bristol) > Cc: Mary Ellen Zurko; www-tag@w3.org; Rice, Ed (ProCurve) > Subject: Re: [passwordInTheClear-52]: A summary of where I > think we are. > > > Williams, Stuart (HP Labs, Bristol) scripsit: > > > 1) Some regard that there are reasonable use cases for weak > protection > > of passwords - and demur against the Good Practice advice: > "A client > > or browser SHOULD NOT transmit passwords in clear text." > > [snip] > > > a desire to find a reliable basis on which to advise > that UA's detect > > weakly protected password transfers; > > This combination strikes me as counterproductive. I have > made decisions I consider to be rational that low-security > passwords suffice for certain kinds of sites: for example, > sites that let me subscribe or unsubscribe to mailing lists. > If my browser yammers every time I deal with such a site, I > will shut it up, get someone else to shut it up, or find a > less compliant but more usable browser. I don't think I'm > alone in this feeling. > > -- > All Norstrilians knew what laughter was: John Cowan > it was "pleasurable corrigible malfunction". cowan@ccil.org > --Cordwainer Smith, Norstrilia > >
Received on Wednesday, 27 June 2007 16:54:37 UTC