- From: Preston L. Bannister <preston@bannister.us>
- Date: Tue, 15 Jan 2008 22:17:19 -0800
- To: "Geoffrey Sneddon" <foolistbar@googlemail.com>
- Cc: public-html@w3.org
Received on Wednesday, 16 January 2008 06:17:24 UTC
On Jan 14, 2008 6:27 AM, Geoffrey Sneddon <foolistbar@googlemail.com> wrote: > > On 11 Jan 2008, at 09:32, Preston L. Bannister wrote: > > > Folks, you are re-inventing the wheel, and repeating classic mistakes. > > The problem is all existing solutions have minor issues, see below: > > > There is a lack. It is (or should be) possible to do secure logins > > across > > unencrypted channels. What is needed is access to an encryption > > library from > > Javascript. That would be outside to scope of the HTML specification. > > ECMAScript cannot be the solution, for what is the purpose of > encrypting data from some UAs (those that support ECMAScript) and not > from those that don't? It creates additional complexity on the server > having to determine whether a field is encrypted or not (though, with > BC concerns, this would need to be done anyway). If we want to encrypt > data, it should be from all HTML 5 UAs, and not just the subset > thereof that support ECMAScript. > Is a UA that does not support Javascript viable? I suspect the answer is "not".
Received on Wednesday, 16 January 2008 06:17:24 UTC