New draft TAG finding - Passwords in the Clear from Vincent Quint on 2006-10-02 (www-tag@w3.org from October 2006)

From: Vincent Quint <Vincent.Quint@inrialpes.fr>
Date: Mon, 2 Oct 2006 11:02:56 +0200
To: www-tag@w3.org
Cc: Vincent.Quint@inrialpes.fr
Message-Id: <20061002110256.018e7350.Vincent.Quint@inrialpes.fr>

All,

A new draft TAG finding is available for review and comments:

    Passwords in the Clear

    http://www.w3.org/2001/tag/doc/passwordsInTheClear-52

Abstract:

The purpose of this finding is to clarify the security concerns around
using passwords on the world wide web.  Specifically, the objective is
to point out a few conclusions the TAG has come to;
1) Passwords MUST NOT be transmitted in clear test.
2) Passwords MUST NOT be displayed on the html form in clear test.
The purpose of this paper to explain these findings and give direction
around possible alternatives.

This will be discussed at the upcoming f2f meeting this week.
Comments on www-tag@w3.org are welcome.

Vincent.
--------------
Vincent Quint                       INRIA Rhône-Alpes
INRIA                               ZIRST
e-mail: Vincent.Quint@inria.fr      655 avenue de l'Europe
Tel.: +33 4 76 61 53 62             Montbonnot
Fax:  +33 4 76 61 52 07             38334 Saint Ismier Cedex
                                    France

Received on Monday, 2 October 2006 09:03:26 UTC