-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'm of the opinion that reinterpreting these particular ancient RFCs is really of no practical use and that this thread probably deserves to die a quiet death.
The fact of the matter is, regardless of what the RFCs have to say about the subject, Microsoft's abandoning of the username:password http/https feature should drastically hinder an entire class of unelegant phishing schemes. This is a good thing.
The patch will also act as another (albeit tiny) nudge away from the tradition of passwords saved and used in-the-clear, which is also a good thing.
Does anything else really need to be said?
C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32)
iD8DBQFAKE92R2vQ2HfQHfsRAkFtAKDFcJ066Y2tZyywnC7PArwedVezdwCeJPfO cRPsvmzrtG/B0qbxoxROFec= =Bd96 -----END PGP SIGNATURE-----
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
