- From: Elliotte Harold <elharo@metalab.unc.edu>
- Date: Fri, 10 Oct 2008 04:30:06 -0700
- To: Pat Hayes <phayes@ihmc.us>
- Cc: noah_mendelsohn@us.ibm.com, Jonathan Rees <jar@creativecommons.org>, David Orchard <orchard@pacificspirit.com>, "www-tag@w3.org" <www-tag@w3.org>

Pat Hayes wrote:

> Cleartext passwords may be dangerous, but they certainly WORK. Do they
> endanger anyone other than the owner of the password? If not, I suggest
> that anything beyond giving a clear warning is inappropriate. If people
> take risks when cognizant of them, as they undoubtedly will, then may
> their gods go with them, but it's not the Web's (or anyone else's)
> responsibility to protect the entire planet from risky behavior.

There's a logical flaw here. This is not a case of people choosing to take risks. Rather it is an externality in which risks of cleartext passwords are imposed on clients by the servers they use. The benefits (ease of development, lower CPU cost) are garnered primarily by the server developer but the cost of lower security is borne by the client. In such circumstances, regulation is absolutely appropriate.

--
Elliotte Rusty Harold elharo@metalab.unc.edu
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA

Received on Friday, 10 October 2008 11:30:42 UTC