- From: Paul Libbrecht <paul@activemath.org>
- Date: Mon, 30 Jun 2008 10:15:28 +0200
- To: "SJ Kissane" <skissane@gmail.com>
- Cc: www-tag@w3.org
- Message-Id: <C08BF85E-A0C9-4376-A526-77E4C00E77EE@activemath.org>
On 26-Jun-08 at 11:49, SJ Kissane wrote:

> Seriously, in today's world, given the wide availability of both
> proprietary and open source SSL/TLS solutions, and the significant
> industry experience in implementing them (I mean, even my cell phone
> does TLS!), is there any circumstances in which Digest authentication
> is justified? Should not therefore digest authentication be simply
> *deprecated*?

By no means.

There's one single reason why TLS/SSL has failed to be convincing to all users: self-signed certificates are considered bad and announced as such.

The wrong thing is that identity and encryption have been put in the same basket so much that no user knows that SSL with, e.g., banks, is safe if you actually considered the certificate's identity name (that one is "guaranteed") and that it is the best anti-phishing way. Instead, people just speak about "secure" communication meaning... encrypted. And then self-signed certificates are considered bad practice.

So the single reason for digest: no-annoyance no-password-in-the-clear (since self-signed means annoyance).

paul
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Monday, 30 June 2008 08:16:09 UTC