- From: James A. Donald <jamesd@echeque.com>
- Date: Sat, 28 Jun 2008 22:55:55 +1000
- To: Chris Drake <christopher@pobox.com>
- CC: "Doyle, Bill" <wdoyle@mitre.org>, Dan Connolly <connolly@w3.org>, www-tag <www-tag@w3.org>, public-usable-authentication@w3.org

Chris Drake wrote:
> Most "scenarios" are request-response (eg: HTTP or SMTP etc). You
> cannot trivially engineer password protection over this architecture.
> Ask one of your cryptographers to explain "why" to you.

Poor UI and security design decisions made long, long ago, and thoroughly built into today's architecture. Can be changed, should be changed. Hard to change.

Received on Saturday, 28 June 2008 12:56:41 UTC