On Oct 7, 2015, at 8:09 PM, Edward Ned Harvey (lopser) <lop...@nedharvey.com> wrote: > So what if CBCrypt is only ready for certain types of applications right now. > The conversation didn't start out as "use CBCrypt." It started out as "This > is why you should care. 19,000 person company passwords stolen over HTTPS." > Awareness that passwords go to the server is a good start. Awareness of the > risks that cause is also a good start. Deciding what to do about it is what > comes next.
Wouldn’t it be better to push for proven technology like Kerberos, GSSAPI, and SPNEGO rather than a unimplemented (and, frankly, untested) concept solution? BTW, Chrome and Firefox both support SPNEGO. -- Jonathan Billings <billi...@negate.org> _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
