ISSUE-52: Sending passwords in the clear
passwordsInTheClear-52
Sending passwords in the clear
- State:
- CLOSED
- Product:
- Raised by:
- Tim Berners-Lee
- Opened on:
- 2006-04-18
- Description:
- Many applications send passwords in the clear. This raises obvious security issues. The TAG should recommend not to send passwords in the clear and propose alternatives.
note finding: http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20081008.html - Related Actions Items:
ACTION-36 on Stuart Williams to summarize passwords in the clear discussion to Mary [MEZ] and make plans for further progress - due 2007-08-24, closedACTION-40 on Stuart Williams to Send MEZ email asking for a joint meeting with the Security WGduring the Plenary - due 2007-10-25, closedACTION-89 on Dan Connolly to Note the old submission about logout button under passwordsInTheClear - due 2008-01-17, closedACTION-85 on David Orchard to Produce another draft of Passwords in the Clear finding, based on comments from 15 November telcon, publish it and invite comment - due 2008-01-31, closedACTION-97 on Norman Walsh to Create a diff of passwordsInTheClear - due 2008-02-07, closedACTION-99 on David Orchard to Revise the finding and publish it directly, unless he feels the need for more review before publication - due 2008-02-14, closedACTION-104 on David Orchard to Summarize feedback on passwords-in-the-clear draft of 11 Feb - due 2008-02-28, closedACTION-134 on David Orchard to Ask security context about the exact breakage of digest - due 2008-04-17, closedACTION-135 on David Orchard to Make the change to passwords MUST NOT be sent in the clear - due 2008-04-17, closedACTION-138 on David Orchard to Revise passwords in clear finding to discuss strong passwords with digest auth. - due 2008-05-08, closedACTION-139 on Noah Mendelsohn to Review Dave's redraft of passwords in the clear (dealing with digest auth and strong passwords) - due 2008-05-08, closedACTION-150 on David Orchard to Finish refs etc on passwords in the clear finding [inc post Sept 2008 F2F updates] - due 2008-10-16, closed- Related emails:
- TAG minutes 9 Oct 2008 (from ndw@nwalsh.com on 2008-10-15)
- TAG Telcon Agenda 9th Oct 2008: 'Content Transformation Guidelines' LC Review; passwordsInTheClear-52; binaryXML-30; TAG@TPAC (from skw@hp.com on 2008-10-08)
- TAG Telcon Agenda for 2nd October 2008: abbreviatedURI-56; WS-* ; Content Transformation Guidlines LC Review Req; httpRedirection-57; passwordInTheClear-52; tagSoupIntegration-54; TAG@TPAC (from skw@hp.com on 2008-10-01)
- Re: TAG Telcon Agenda Draft for 2nd October 2008 (from ashok.malhotra@oracle.com on 2008-10-01)
- TAG Telcon Agenda Draft for 2nd October 2008 (from skw@hp.com on 2008-10-01)
- Agenda for TAG F2F Meeting 23-25th September 2008 (from skw@hp.com on 2008-09-17)
- Re: Draft agenda for TAG telcon 16th Sept 2008 available (from noah_mendelsohn@us.ibm.com on 2008-09-02)
- Draft agenda for TAG telcon 16th Sept 2008 available (from skw@hp.com on 2008-09-02)
- TAG 'back-to-school' Telcon Agenda: 28th Aug 2008: Review Requests; F2F Agenda; UrnsAndRegistries-50; passwordsInTheClear-52; contentTypeOverride-24; tagSoupIntegration-54 (from skw@hp.com on 2008-08-28)
- Initial Draft agenda for 28th Aug TAG telcon. (from skw@hp.com on 2008-08-26)
- Draft Telcon Agenda for 10th July available for review. (from skw@hp.com on 2008-07-08)
- TAG Telcon Agenda: 12th June 2008: namespaceDocument-8;passwordInTheClear-52;tagSoupIntegration-54;UrnsAndRegistries-50;XMLVersioning-41 (from skw@hp.com on 2008-06-11)
- TAG Telcon Agenda for 5th June 2008: UrnsAndregistries-50; tagSoupIntegration-54;passwordsInTheClear-52; XMLVersioning-41 (from skw@hp.com on 2008-06-04)
- DRAFT Minutes from TAG Telcon 29th May 2008 (from skw@hp.com on 2008-06-02)
- TAG Telcon Agenda for 29th May 2008: UrnsAndRegistries-50; passwordInTheClear-52; tagSoupIntegration-54; XMLVersioning-41 (from skw@hp.com on 2008-05-28)
- TAG Telcon Agenda: 15th May 2008; passwordsInTheClear-52; F2F Prep; Action Item clean up. (from skw@hp.com on 2008-05-14)
- TAG Telcon agenda fro 8th May 2008: httpredirections-57; tagSoupIntegration-54; passwordsInThClear-52; webApplicationState-60 (from skw@hp.com on 2008-05-07)
- RE: TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from dorchard@bea.com on 2008-05-01)
- RE: TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from dorchard@bea.com on 2008-04-30)
- TAG Telcon Agenda for 1st May 2008: tagSoupIntegration-54; UrnsAndRegistries-50; passwordsInTheClear-52; abbreviatedURIs-56 (from skw@hp.com on 2008-04-30)
- TAG Telcon Agenda: 10th April 2008: XMLVersioning-41; passwordsInTheClear-52;tagSoupIntegration-54;UrnsAndRegistries-50 (from skw@hp.com on 2008-04-09)
- RE: TAG Telcon agenda for 21st February 2008: httpRedirection-57; abbreviatedURIs-56; passwordInTheClear-52; namespaceDocument-8 (from dorchard@bea.com on 2008-02-20)
- TAG Telcon agenda for 21st February 2008: httpRedirection-57; abbreviatedURIs-56; passwordInTheClear-52; namespaceDocument-8 (from skw@hp.com on 2008-02-20)
- TAG Agenda(s): 14th February 2008 (Telcon); 26-28th Feb 2008 (F2F - Initial Draft) (from skw@hp.com on 2008-02-13)
- TAG Telcon 7th Feb 2008: Agenda: UrnsAndRegistries-50; passwordsInTheClear-52; Overdue AI's; F2F Planning. (from skw@hp.com on 2008-02-06)
- [passwordsInTheClear-52] Some comments on http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20080124.html (from skw@hp.com on 2008-02-04)
- RE: TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from skw@hp.com on 2008-01-30)
- Re: TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from ashok.malhotra@oracle.com on 2008-01-30)
- TAG Telcon Agenda for 31st January 2008: 2008 F2F Schedule; tagSoupIntegration-54; contentTypeOverride-24;passwordsInTheClear-52;Vancouver F2F. (from skw@hp.com on 2008-01-30)
- passwordsInTheClear-52 related work: logout ISSUE-52 (from connolly@w3.org on 2008-01-17)
- TAG Weekly Telcon agenda for 29th Nov 2007; abbreviatedURI-56; binaryXML-30; passwordInTheClear-52; review request; namespaceDocument-8 (from skw@hp.com on 2007-11-29)
- Regrets for Nov 15th (from rhys@volantis.com on 2007-11-14)
- TAG Telcon agenda 15th Nov 2007: abbreviatedURI-56, binaryXML-30, passwordsInTheClear-52, httpRedirections-57 (from skw@hp.com on 2007-11-13)
- RE: TAG telcon Agenda for 27th September 2007: [TechPlenary; binaryXML-28; XMLVersioning-41] (from dorchard@bea.com on 2007-09-26)
- TAG telcon Agenda for 27th September 2007: [TechPlenary; binaryXML-28; XMLVersioning-41] (from skw@hp.com on 2007-09-26)
- TAG Weekly (from on 2007-01-23)
- Asking too much of User Agents: Passwords in the clear again (from Henry S. Thompson <ht@inf.ed.ac.uk> on 2007-01-23)
- TAG telcon (from on 2007-01-09)
- TAG telcon (from on 2007-01-09)
- (from on 2007-01-02)
- Tidy your HTML (from on 2006-12-11)
- TAG F2F Meeting, Boston 11 Dec 2006 (from on 2006-12-11)
- TAG F2F Meeting, Boston 11 Dec 2006 (from on 2006-12-11)
- (from on 2006-11-21)
- (from on 2006-11-21)
- Passwords in the Clear (from on 2006-11-13)
- Weekly Tag Teleconference (from on 2006-10-10)
- Weekly Tag Teleconference (from on 2006-10-10)
- Passwords in the Clear (from on 2006-10-09)
- TAG in Vancouver (from on 2006-10-04)
- New draft TAG finding - Passwords in the Clear (from Vincent Quint <Vincent.Quint@inrialpes.fr> on 2006-10-02)
- TAG Weekly (from on 2006-09-26)
- TAG f2f, day 2, morning (from on 2006-06-13)
- Tidy your HTML (from on 2006-04-19)
- TAG in Vancouver (from on 2006-04-18)
- SV_MEETING_TITLE (from on 2006-04-18)
- SV_MEETING_TITLE (from on 2006-04-18)
- SV_MEETING_TITLE (from on 2006-04-18)
- SV_MEETING_TITLE (from on 2006-04-18)
- SV_MEETING_TITLE (from on 2006-04-18)
- Minutes of Tag F2F Afternoon of 20 Sept. 2005 (from on 2005-09-20)
- Minutes of TAG face-to-face meeting, 14-16 June 2005, Cambridge, MA, USA (from on 2005-06-15)
Related notes:
[DanC]: finding: http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20081008.html
13 Nov 2008, 18:49:20Display change log