Re: [websec] [saag] Fwd: [http-auth] re-call for IETF http-auth BoF
"SHIMIZU, Kazuki" <kazubu.lepidum@gmail.com> Wed, 22 June 2011 15:23 UTC
From: "SHIMIZU, Kazuki" <kazubu.lepidum@gmail.com>
Date: Thu, 23 Jun 2011 00:23:23 +0900
Message-ID: <BANLkTikR9Ud5-yFzjYxu+V0vqcQCExyF4g@mail.gmail.com>
To: Marc Williams <netsequent@gmail.com>
Cc: "public-identity@w3.org" <public-identity@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "websec@ietf.org" <websec@ietf.org>, "saag@ietf.org" <saag@ietf.org>

I agree. In addition, I think we should avoid not only "zero length password" but also weak passwords (e.g. 12345, qwerty, etc.). This problem may be an operation policy issue; however, it might be worth considering.

2011/6/22 Marc Williams <netsequent@gmail.com>:
>>> * a method that hands over a password (or a password-equivalent)
>>> * a method whose UI can be imitated by malicious sites.
>>>
>>> Of course there might be more items, please append.
>
> A method which permits zero length password authentication
>
> Marc Williams

--
SHIMIZU, Kazuki