Re: delegation and passwordsInTheClear-52

Chris Drake wrote:
> Most "scenarios" are request-response (eg: HTTP or SMTP etc).  You
> cannot trivially engineer password protection over this architecture.
> Ask one of your cryptographers to explain "why" to you.

Poor UI and security design decisions made long, long ago, and 
thoroughly built into today's architecture.

Can be changed, should be changed.  Hard to change.

Received on Saturday, 28 June 2008 12:56:41 UTC