nanog mailing list archives
Re: mail admins?
From: Michael Thomas <mike () mtcc com>
Date: Thu, 23 Apr 2020 19:47:58 -0700
On 4/23/20 7:35 PM, Matt Palmer wrote:
On Thu, Apr 23, 2020 at 06:31:04PM -0700, Michael Thomas wrote:Passwords over the wire are the *key* problem of computer security. Nothing else even comes close.Hmm, a bold claim, but I'm confident the author will have strong support for their position.One only needs to look at the LinkedIn salting problemThat was a stored password problem, not a passwords-over-the-wire problem, but OK. I'm sure we'll be back on track shortly.
You can't have a stored password problem if you never see them.
While I do think webauthn is a neat idea, and solves at least one very real problem (credential theft via phishing), you do an absolutely terrible job of making that case.
see RFC 4876, it is not about phishing. not even a little bit. Never has been. Please get a clue.
Mike
Current thread:
- Re: mail admins?, (continued)
- Re: mail admins? Scott Weeks (Apr 23)
- Re: mail admins? Michael Thomas (Apr 23)
- Re: mail admins? Scott Weeks (Apr 23)
- Re: mail admins? Michael Thomas (Apr 23)
- Re: mail admins? Matt Palmer (Apr 23)
- Re: mail admins? William Herrin (Apr 23)
- Re: mail admins? Michael Thomas (Apr 23)
- Re: mail admins? William Herrin (Apr 23)
- Re: mail admins? Michael Thomas (Apr 23)
- Re: mail admins? Matt Palmer (Apr 23)
- Re: mail admins? Michael Thomas (Apr 23)
- Re: mail admins? Matt Palmer (Apr 23)
- Re: mail admins? Michael Thomas (Apr 24)
- Re: mail admins? Bryan Holloway (Apr 24)
- Re: mail admins? Michael Thomas (Apr 24)
- Re: mail admins? Michael Thomas (Apr 23)
- Re: mail admins? Scott Weeks (Apr 23)
- Re: mail admins? Raymond Burkholder (Apr 23)
- Re: mail admins? Michael Thomas (Apr 23)
- Re: mail admins? Rich Kulawiec (Apr 26)
- Re: mail admins? Michael Thomas (Apr 26)
- Re: mail admins? Matt Palmer (Apr 26)
- Re: mail admins? Michael Thomas (Apr 26)