Brian's response covers the issues very well I think. (Thanks.)
Just one thing to add...

On 04/07/2014 11:09 AM, Brian Trammell wrote:
> I think the practical risk here is only of vandalism, creating a
> mess in the datatracker that it would take a fair amount of work to
> clean up. Any impersonation materially impacting the process would
> presumably (hopefully) be detected by the impersonated themselves.
> And the possibility of someone actually doing this certainly seems
> far-fetched, but so do so many of the things one reads in the
> press these days on this subject.

Given that password re-use over many services is common, there
is also the not at all insignificant risk that any credentials
captured could be abused elsewhere with more impact.

Yes, we ought move away from passwords if/when we ever find an
acceptably better solution, and yes, people ought manage their
passwords well, but neither are today's reality more's the pity.

S.