ISSUE-52: Sending passwords in the clear

passwordsInTheClear-52

Sending passwords in the clear

State:

CLOSED

Product:

Raised by:

Tim Berners-Lee

Opened on:

2006-04-18

Description:

Many applications send passwords in the clear. This raises obvious security issues. The TAG should recommend not to send passwords in the clear and propose alternatives.

note finding: http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20081008.html

Related Actions Items:

• ACTION-36 on Stuart Williams to summarize passwords in the clear discussion to Mary [MEZ] and make plans for further progress - due 2007-08-24, closed
• ACTION-40 on Stuart Williams to Send MEZ email asking for a joint meeting with the Security WGduring the Plenary - due 2007-10-25, closed
• ACTION-89 on Dan Connolly to Note the old submission about logout button under passwordsInTheClear - due 2008-01-17, closed
• ACTION-85 on David Orchard to Produce another draft of Passwords in the Clear finding, based on comments from 15 November telcon, publish it and invite comment - due 2008-01-31, closed
• ACTION-97 on Norman Walsh to Create a diff of passwordsInTheClear - due 2008-02-07, closed
• ACTION-99 on David Orchard to Revise the finding and publish it directly, unless he feels the need for more review before publication - due 2008-02-14, closed
• ACTION-104 on David Orchard to Summarize feedback on passwords-in-the-clear draft of 11 Feb - due 2008-02-28, closed
• ACTION-134 on David Orchard to Ask security context about the exact breakage of digest - due 2008-04-17, closed
• ACTION-135 on David Orchard to Make the change to passwords MUST NOT be sent in the clear - due 2008-04-17, closed
• ACTION-138 on David Orchard to Revise passwords in clear finding to discuss strong passwords with digest auth. - due 2008-05-08, closed
• ACTION-139 on Noah Mendelsohn to Review Dave's redraft of passwords in the clear (dealing with digest auth and strong passwords) - due 2008-05-08, closed
• ACTION-150 on David Orchard to Finish refs etc on passwords in the clear finding [inc post Sept 2008 F2F updates] - due 2008-10-16, closed

Related emails:

1. TAG minutes 9 Oct 2008 (from ndw@nwalsh.com on 2008-10-15)
2. TAG Telcon Agenda 9th Oct 2008: 'Content Transformation Guidelines' LC Review; passwordsInTheClear-52; binaryXML-30; TAG@TPAC (from skw@hp.com on 2008-10-08)
3. TAG Telcon Agenda for 2nd October 2008: abbreviatedURI-56; WS-* ; Content Transformation Guidlines LC Review Req; httpRedirection-57; passwordInTheClear-52; tagSoupIntegration-54; TAG@TPAC (from skw@hp.com on 2008-10-01)
4. Re: TAG Telcon Agenda Draft for 2nd October 2008 (from ashok.malhotra@oracle.com on 2008-10-01)
5. TAG Telcon Agenda Draft for 2nd October 2008 (from skw@hp.com on 2008-10-01)
6. Agenda for TAG F2F Meeting 23-25th September 2008 (from skw@hp.com on 2008-09-17)
7. Re: Draft agenda for TAG telcon 16th Sept 2008 available (from noah_mendelsohn@us.ibm.com on 2008-09-02)
8. Draft agenda for TAG telcon 16th Sept 2008 available (from skw@hp.com on 2008-09-02)
9. TAG 'back-to-school' Telcon Agenda: 28th Aug 2008: Review Requests; F2F Agenda; UrnsAndRegistries-50; passwordsInTheClear-52; contentTypeOverride-24; tagSoupIntegration-54 (from skw@hp.com on 2008-08-28)
10. Initial Draft agenda for 28th Aug TAG telcon. (from skw@hp.com on 2008-08-26)
11. Draft Telcon Agenda for 10th July available for review. (from skw@hp.com on 2008-07-08)
12. TAG Telcon Agenda: 12th June 2008: namespaceDocument-8;passwordInTheClear-52;tagSoupIntegration-54;UrnsAndRegistries-50;XMLVersioning-41 (from skw@hp.com on 2008-06-11)
13. TAG Telcon Agenda for 5th June 2008: UrnsAndregistries-50; tagSoupIntegration-54;passwordsInTheClear-52; XMLVersioning-41 (from skw@hp.com on 2008-06-04)
14. DRAFT Minutes from TAG Telcon 29th May 2008 (from skw@hp.com on 2008-06-02)
15. TAG Telcon Agenda for 29th May 2008: UrnsAndRegistries-50; passwordInTheClear-52; tagSoupIntegration-54; XMLVersioning-41 (from skw@hp.com on 2008-05-28)
16. TAG Telcon Agenda: 15th May 2008; passwordsInTheClear-52; F2F Prep; Action Item clean up. (from skw@hp.com on 2008-05-14)
17. TAG Telcon agenda fro 8th May 2008: httpredirections-57; tagSoupIntegration-54; passwordsInThClear-52; webApplicationState-60 (from skw@hp.com on 2008-05-07)
18. RE: TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from dorchard@bea.com on 2008-05-01)
19. RE: TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from dorchard@bea.com on 2008-04-30)
20. TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from skw@hp.com on 2008-04-30)
21. TAG Telcon Agenda: 10th April 2008: XMLVersioning-41; passwordsInTheClear-52;tagSoupIntegration-54;UrnsAndRegistries-50 (from skw@hp.com on 2008-04-09)
22. RE: TAG Telcon agenda for 21st February 2008: httpRedirection-57; abbreviatedURIs-56; passwordInTheClear-52; namespaceDocument-8 (from dorchard@bea.com on 2008-02-20)
23. TAG Telcon agenda for 21st February 2008: httpRedirection-57; abbreviatedURIs-56; passwordInTheClear-52; namespaceDocument-8 (from skw@hp.com on 2008-02-20)
24. TAG Agenda(s): 14th February 2008 (Telcon); 26-28th Feb 2008 (F2F - Initial Draft) (from skw@hp.com on 2008-02-13)
25. TAG Telcon 7th Feb 2008: Agenda: UrnsAndRegistries-50; passwordsInTheClear-52; Overdue AI's; F2F Planning. (from skw@hp.com on 2008-02-06)
26. [passwordsInTheClear-52] Some comments on http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20080124.html (from skw@hp.com on 2008-02-04)
27. RE: TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from skw@hp.com on 2008-01-30)
28. Re: TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from ashok.malhotra@oracle.com on 2008-01-30)
29. TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from skw@hp.com on 2008-01-30)
30. passwordsInTheClear-52 related work: logout ISSUE-52 (from connolly@w3.org on 2008-01-17)
31. TAG Weekly Telcon agenda for 29th Nov 2007; abbreviatedURI-56; binaryXML-30; passwordInTheClear-52; review request; namespaceDocument-8 (from skw@hp.com on 2007-11-29)
32. Regrets for Nov 15th (from rhys@volantis.com on 2007-11-14)
33. TAG Telcon agenda 15th Nov 2007: abbreviatedURI-56, binaryXML-30, passwordsInTheClear-52, httpRedirections-57 (from skw@hp.com on 2007-11-13)
34. RE: TAG telcon Agenda for 27th September 2007: [TechPlenary; binaryXML-28; XMLVersioning-41] (from dorchard@bea.com on 2007-09-26)
35. TAG telcon Agenda for 27th September 2007: [TechPlenary; binaryXML-28; XMLVersioning-41] (from skw@hp.com on 2007-09-26)
36. TAG Weekly (from on 2007-01-23)
37. Asking too much of User Agents: Passwords in the clear again (from Henry S. Thompson <ht@inf.ed.ac.uk> on 2007-01-23)
38. TAG telcon (from on 2007-01-09)
39. TAG telcon (from on 2007-01-09)
40. (from on 2007-01-02)
41. Tidy your HTML (from on 2006-12-11)
42. TAG F2F Meeting, Boston 11 Dec 2006 (from on 2006-12-11)
43. TAG F2F Meeting, Boston 11 Dec 2006 (from on 2006-12-11)
44. (from on 2006-11-21)
45. (from on 2006-11-21)
46. Passwords in the Clear (from on 2006-11-13)
47. Weekly Tag Teleconference (from on 2006-10-10)
48. Weekly Tag Teleconference (from on 2006-10-10)
49. Passwords in the Clear (from on 2006-10-09)
50. TAG in Vancouver (from on 2006-10-04)
51. New draft TAG finding - Passwords in the Clear (from Vincent Quint <Vincent.Quint@inrialpes.fr> on 2006-10-02)
52. TAG Weekly (from on 2006-09-26)
53. TAG f2f, day 2, morning (from on 2006-06-13)
54. Tidy your HTML (from on 2006-04-19)
55. TAG in Vancouver (from on 2006-04-18)
56. SV_MEETING_TITLE (from on 2006-04-18)
57. SV_MEETING_TITLE (from on 2006-04-18)
58. SV_MEETING_TITLE (from on 2006-04-18)
59. SV_MEETING_TITLE (from on 2006-04-18)
60. SV_MEETING_TITLE (from on 2006-04-18)
61. Minutes of Tag F2F Afternoon of 20 Sept. 2005 (from on 2005-09-20)
62. Minutes of TAG face-to-face meeting, 14-16 June 2005, Cambridge, MA, USA (from on 2005-06-15)

Related notes:

Display change log