[5176] in www-talk@info.cern.ch


Re: Minimal Authorization

daemon@ATHENA.MIT.EDU (Stephen D Crocker)
Sat Aug 13 15:43:23 1994

Date: Sat, 13 Aug 1994 21:41:01 +0200
Errors-To: listmaster@www0.cern.ch
Reply-To: crocker@tis.com
From: Stephen D Crocker <crocker@tis.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>

Brian, et al.,

The essence of your argument is that nothing serious will happen if
the password is stolen.  If so, then it's basically unimportant to
have a password in the first place; just use names without any
protection at all.

Once you go to the trouble of having state information specific to the
user maintained on the server, i.e. a secret shared between the user
and the server, you've already decided there's something worth
protecting.  In that case, protecting the password in transit seems
obligatory.

You're arguing otherwise.  I don't know of applications where it makes
sense to have passwords but doesn't matter if the passwords are
disclosed to unauthorized people as they're sent over the network.  I
suppose there might be such applications, but I don't know of any.

The issue isn't whether the ordinary *user* is competent to mount a
sniffing attack; the question is what the ordinary *hacker* will do.

Steve
