[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: transfering files between *.debian.org hosts

Wouter Verhelst <wouter@debian.org> writes:

> (for some infathomable reason, the firefox developers consider Negotiate
> authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
> why that is, and never saw a compelling argument...)

Well, having your browser spontaneously authenticate you to any system
keyed in your local realm or in a realm with which you have cross-realm
trust is something of a leak of personal information.  I can see why they
wouldn't want that to happen silently on request.

I think the real solution would be to add a drop-down prompt similar to
the prompts for pop-up menus and the like for sites that are attempting
Negotiate-Auth, rather than just disabling it by default....

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: