[Tools-team] Agenda for the 14 June 2006 Teleconference
Tero Kivinen <kivinen@iki.fi> Wed, 14 June 2006 17:13 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1FqYvv-0000aA-6W; Wed, 14 Jun 2006 13:13:35 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1FqYvt-0000XL-RE
for tools-team@ietf.org; Wed, 14 Jun 2006 13:13:33 -0400
Received: from fireball.acr.fi ([83.145.195.1] helo=mail.kivinen.iki.fi)
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FqYh5-0004km-3a
for tools-team@ietf.org; Wed, 14 Jun 2006 12:58:16 -0400
Received: from fireball.kivinen.iki.fi (localhost [IPv6:::1])
by mail.kivinen.iki.fi (8.13.5.20060308/8.12.10) with ESMTP id
k5EGw5go001220
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Wed, 14 Jun 2006 19:58:11 +0300 (EEST)
Received: (from kivinen@localhost)
by fireball.kivinen.iki.fi (8.13.5.20060308/8.12.11) id k5EGw52M020239;
Wed, 14 Jun 2006 19:58:05 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to
kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <17552.16412.516987.746408@fireball.kivinen.iki.fi>
Date: Wed, 14 Jun 2006 19:58:04 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Henrik Levkowetz <henrik@levkowetz.com>
Subject: [Tools-team] Agenda for the 14 June 2006 Teleconference
In-Reply-To: <44902CF5.4030606@levkowetz.com>
References: <44902CF5.4030606@levkowetz.com>
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 9 min
X-Total-Time: 10 min
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab
Cc: Tools-team <tools-team@ietf.org>
X-BeenThere: tools-team@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "The purpose of the TOOLS team is to provide IETF feedback and
guidance during the development of software tools to support
various parts of IETF activities." <tools-team.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tools-team>,
<mailto:tools-team-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tools-team>
List-Post: <mailto:tools-team@ietf.org>
List-Help: <mailto:tools-team-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tools-team>,
<mailto:tools-team-request@ietf.org?subject=subscribe>
Errors-To: tools-team-bounces@ietf.org
Henrik Levkowetz writes: > 2. Status review > > * Dashboard > - Henrik Some comments about loginmgr. 1) That login manager really needs to require TLS protection, i.e mandate that both the forms and the posts are always using TLS. 2) The URL for changing password should only work exactly once, not for 24 hours. The problem with 24 hours is that if someone manages to get the URL later from my mailbox or some other place he can change my password after I changed it. If it works exactly once, either I will get error that password has already been changed using the URL (i.e. I know there was attacker who stole my URL) or the attacker cannot change my password after I have successfully changed it. Perhaps storing the used auth sha1sum to some directory and checking that it cannot be there before continuing. -- kivinen@safenet-inc.com _______________________________________________ Tools-team mailing list Tools-team@ietf.org https://www1.ietf.org/mailman/listinfo/tools-team
- [Tools-team] Agenda for the 14 June 2006 Teleconf… Henrik Levkowetz
- [Tools-team] Agenda for the 14 June 2006 Teleconf… Tero Kivinen
- Re: [Tools-team] Agenda for the 14 June 2006 Tele… Henrik Levkowetz
- Re: [Tools-team] Agenda for the 14 June 2006 Tele… Tero Kivinen
- Re: [Tools-team] Agenda for the 14 June 2006 Tele… Henrik Levkowetz