ISSUE-52

passwordsInTheClear-52

Sending passwords in the clear

State:

OPEN

Product:

Raised by:

Opened on:

2006-04-18

Description:

Many applications send passwords in the clear. This raises obvious security issues. The TAG should recommend not to send passwords in the clear and propose alternatives.
 

Related Actions Items:

• ACTION-36 on Stuart Williams to summarize passwords in the clear discussion to Mary [MEZ] and make plans for further progress - due 2007-08-24, closed
• ACTION-40 on Stuart Williams to Send MEZ email asking for a joint meeting with the Security WGduring the Plenary - due 2007-10-25, closed
• ACTION-85 on David Orchard to Produce another draft of Passwords in the Clear finding, based on comments from 15 November telcon, publish it and invite comment - due 2008-01-31, closed
• ACTION-89 on Dan Connolly to Note the old submission about logout button under passwordsInTheClear - due 2008-01-17, closed
• ACTION-97 on Norman Walsh to Create a diff of passwordsInTheClear - due 2008-02-07, closed
• ACTION-99 on David Orchard to Revise the finding and publish it directly, unless he feels the need for more review before publication - due 2008-02-14, closed
• ACTION-104 on David Orchard to Summarize feedback on passwords-in-the-clear draft of 11 Feb - due 2008-02-28, closed
• ACTION-134 on David Orchard to Ask security context about the exact breakage of digest - due 2008-04-17, closed
• ACTION-135 on David Orchard to Make the change to passwords MUST NOT be sent in the clear - due 2008-04-17, closed
• ACTION-138 on David Orchard to Revise passwords in clear finding to discuss strong passwords with digest auth. - due 2008-05-08, pending review
• ACTION-139 on Noah Mendelsohn to Review Dave's redraft of passwords in the clear (dealing with digest auth and strong passwords) - due 2008-05-08, pending review

Related emails:

1. TAG Telcon agenda fro 8th May 2008: httpredirections-57; tagSoupIntegration-54; passwordsInThClear-52; webApplicationState-60 (from skw@hp.com on 2008-05-07)
2. RE: TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from dorchard@bea.com on 2008-05-01)
3. RE: TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from dorchard@bea.com on 2008-04-30)
4. TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from skw@hp.com on 2008-04-30)
5. TAG Telcon Agenda: 10th April 2008: XMLVersioning-41; passwordsInTheClear-52;tagSoupIntegration-54;UrnsAndRegistries-50 (from skw@hp.com on 2008-04-09)
6. RE: TAG Telcon agenda for 21st February 2008: httpRedirection-57; abbreviatedURIs-56; passwordInTheClear-52; namespaceDocument-8 (from dorchard@bea.com on 2008-02-20)
7. TAG Telcon agenda for 21st February 2008: httpRedirection-57; abbreviatedURIs-56; passwordInTheClear-52; namespaceDocument-8 (from skw@hp.com on 2008-02-20)
8. TAG Agenda(s): 14th February 2008 (Telcon); 26-28th Feb 2008 (F2F - Initial Draft) (from skw@hp.com on 2008-02-13)
9. TAG Telcon 7th Feb 2008: Agenda: UrnsAndRegistries-50; passwordsInTheClear-52; Overdue AI's; F2F Planning. (from skw@hp.com on 2008-02-06)
10. [passwordsInTheClear-52] Some comments on http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20080124.html (from skw@hp.com on 2008-02-04)
11. RE: TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from skw@hp.com on 2008-01-30)
12. Re: TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from ashok.malhotra@oracle.com on 2008-01-30)
13. TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from skw@hp.com on 2008-01-30)
14. passwordsInTheClear-52 related work: logout ISSUE-52 (from connolly@w3.org on 2008-01-17)
15. TAG Weekly Telcon agenda for 29th Nov 2007; abbreviatedURI-56; binaryXML-30; passwordInTheClear-52; review request; namespaceDocument-8 (from skw@hp.com on 2007-11-29)
16. Regrets for Nov 15th (from rhys@volantis.com on 2007-11-14)
17. TAG Telcon agenda 15th Nov 2007: abbreviatedURI-56, binaryXML-30, passwordsInTheClear-52, httpRedirections-57 (from skw@hp.com on 2007-11-13)
18. RE: TAG telcon Agenda for 27th September 2007: [TechPlenary; binaryXML-28; XMLVersioning-41] (from dorchard@bea.com on 2007-09-26)
19. TAG telcon Agenda for 27th September 2007: [TechPlenary; binaryXML-28; XMLVersioning-41] (from skw@hp.com on 2007-09-26)
20. Asking too much of User Agents: Passwords in the clear again (from Henry S. Thompson on 2007-01-23)
21. TAG Weekly (from on 2007-01-23)
22. TAG telcon (from on 2007-01-09)
23. TAG telcon (from on 2007-01-09)
24. (from on 2007-01-02)
25. Tidy your HTML (from on 2006-12-11)
26. TAG F2F Meeting, Boston 11 Dec 2006 (from on 2006-12-11)
27. TAG F2F Meeting, Boston 11 Dec 2006 (from on 2006-12-11)
28. (from on 2006-11-21)
29. (from on 2006-11-21)
30. Passwords in the Clear (from on 2006-11-13)
31. Weekly Tag Teleconference (from on 2006-10-10)
32. Weekly Tag Teleconference (from on 2006-10-10)
33. Passwords in the Clear (from on 2006-10-09)
34. TAG in Vancouver (from on 2006-10-04)
35. New draft TAG finding - Passwords in the Clear (from Vincent Quint on 2006-10-02)
36. TAG Weekly (from on 2006-09-26)
37. TAG f2f, day 2, morning (from on 2006-06-13)
38. Tidy your HTML (from on 2006-04-19)
39. TAG in Vancouver (from on 2006-04-18)
40. SV_MEETING_TITLE (from on 2006-04-18)
41. SV_MEETING_TITLE (from on 2006-04-18)
42. SV_MEETING_TITLE (from on 2006-04-18)
43. SV_MEETING_TITLE (from on 2006-04-18)
44. SV_MEETING_TITLE (from on 2006-04-18)
45. Minutes of Tag F2F Afternoon of 20 Sept. 2005 (from on 2005-09-20)
46. Minutes of TAG face-to-face meeting, 14-16 June 2005, Cambridge, MA, USA (from on 2005-06-15)

Related notes:

No additional notes.

Display change log.