[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mail admins?

On 4/23/20 7:35 PM, Matt Palmer wrote:
> On Thu, Apr 23, 2020 at 06:31:04PM -0700, Michael Thomas wrote:
>> Passwords over the wire are the *key* problem of computer security. Nothing
>> else even comes close.
> Hmm, a bold claim, but I'm confident the author will have strong support for
> their position.
>> One only needs to look at the LinkedIn salting problem
> That was a stored password problem, not a passwords-over-the-wire problem,
> but OK.  I'm sure we'll be back on track shortly.
You can't have a stored password problem if you never see them.
> While I do think webauthn is a neat idea, and solves at least one very real
> problem (credential theft via phishing), you do an absolutely terrible job
> of making that case.

see RFC 4876, it is not about phishing. not even a little bit. Never has 
been. Please get a clue.