[Zope-PTK] PROPOSAL: A Confidence Mechanism in User Role Management

Rob Page rob.page@digicool.com
Wed, 9 Feb 2000 23:47:45 -0500


>     So, if cleartext is less trustworthy because it's sniffable, it
> follows that using cleartext once compromises the secure
> channels as well, and so they should be no more trusted than cleartext
> UNTIL the password's been changed.  Oh.  But, if you are now
> less-than-confident of the remote user, you can't let them change the
> password so as to become trusted again!  D'oh.  Seems like a Catch 22,
> I must not be getting something.

This is a valid point.  This is why many sites have you log in over SSL.
Perhaps they assign you an expiring cookie which you can carry around
and over insecure channels.  Ideally, password specification and
password presentation are all done over secure comm - then you don't
have to discount the confidence in the password as an accurate
authentication mechanism.

--Rob
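The scheme sketched in the reply above, worked through as an added example that is not part of the thread and not Zope/PTK code: the password is only accepted over a secure channel, a successful login issues a signed expiring cookie that may then be carried over insecure channels at a lower confidence level, and the sensitive action (changing the password) is gated on the highest level. The secret key, the user table and the confidence tiers are constructed for the demonstration.

```python
import hashlib
import hmac
import time

# Constructed demo key; a real deployment would load this from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"

# Confidence tiers, from least to most trusted (constructed for this example).
CONFIDENCE_NONE = 0              # no credential, or one presented over cleartext
CONFIDENCE_COOKIE_INSECURE = 1   # valid cookie carried over an insecure channel
CONFIDENCE_COOKIE_SECURE = 2     # valid cookie presented over SSL
CONFIDENCE_PASSWORD_SECURE = 3   # password itself presented over SSL

# Minimum confidence required per action (constructed policy).
POLICY = {
    "view": CONFIDENCE_COOKIE_INSECURE,
    "edit": CONFIDENCE_COOKIE_SECURE,
    "change_password": CONFIDENCE_PASSWORD_SECURE,
}

SALT = b"constructed-salt"

def _hash_password(password: str) -> bytes:
    # PBKDF2 with a fixed salt is enough for the demo; per-user salts belong in real code.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed user table: username -> password hash.
USERS = {"alice": _hash_password("correct horse battery staple")}

def check_password(user: str, password: str) -> bool:
    stored = USERS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, _hash_password(password))

def issue_cookie(user: str, now: float, ttl: int, key: bytes = SECRET_KEY) -> str:
    """Return 'user|expiry|hmac' so the server can verify it without server-side state."""
    expires = int(now) + ttl
    payload = f"{user}|{expires}"
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"

def verify_cookie(cookie: str, now: float, key: bytes = SECRET_KEY):
    """Return the user name if the cookie is well-formed, untampered and unexpired, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expires, sig = parts
    expected = hmac.new(key, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    if not expires.isdigit() or int(now) >= int(expires):
        return None
    return user

def assess(request: dict, now: float):
    """Map a request to (confidence level, user). A cleartext password earns nothing,
    which is the thread's point: once sniffable, it cannot raise trust."""
    secure = request.get("secure", False)
    if request.get("password") is not None:
        if not secure:
            return CONFIDENCE_NONE, None
        user = request.get("user", "")
        if check_password(user, request["password"]):
            return CONFIDENCE_PASSWORD_SECURE, user
        return CONFIDENCE_NONE, None
    cookie = request.get("cookie")
    if cookie:
        user = verify_cookie(cookie, now)
        if user is not None:
            level = CONFIDENCE_COOKIE_SECURE if secure else CONFIDENCE_COOKIE_INSECURE
            return level, user
    return CONFIDENCE_NONE, None

def allowed(action: str, confidence: int) -> bool:
    return confidence >= POLICY[action]

if __name__ == "__main__":
    now = time.time()
    level, user = assess({"secure": True, "user": "alice",
                          "password": "correct horse battery staple"}, now)
    cookie = issue_cookie(user, now, ttl=600)
    print("login over SSL ->", level, "change_password allowed:", allowed("change_password", level))
    level, _ = assess({"secure": False, "cookie": cookie}, now + 60)
    print("cookie over cleartext ->", level, "change_password allowed:", allowed("change_password", level))
```

The design keeps the cookie self-describing (signed user and expiry) so no server-side session table is needed, and the expiry bounds how long a cookie captured on an insecure hop stays useful; the password itself is never accepted over cleartext, so sniffing it on that path yields no confidence to discount later.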