On Jan 15, 2008, at 10:17 PM, "Preston L. Bannister" <preston@bannister.us > wrote: > On Jan 14, 2008 6:27 AM, Geoffrey Sneddon > <foolistbar@googlemail.com> wrote: > > On 11 Jan 2008, at 09:32, Preston L. Bannister wrote: > > > Folks, you are re-inventing the wheel, and repeating classic > mistakes. > > The problem is all existing solutions have minor issues, see below: > > > There is a lack. It is (or should be) possible to do secure logins > > across > > unencrypted channels. What is needed is access to an encryption > > library from > > Javascript. That would be outside to scope of the HTML > specification. > > ECMAScript cannot be the solution, for what is the purpose of > encrypting data from some UAs (those that support ECMAScript) and not > from those that don't? It creates additional complexity on the server > having to determine whether a field is encrypted or not (though, with > BC concerns, this would need to be done anyway). If we want to encrypt > data, it should be from all HTML 5 UAs, and not just the subset > thereof that support ECMAScript. > > Is a UA that does not support Javascript viable? I suspect the > answer is "not". It's not any less viable than a UA that allows ECMAScript to be turned off.Received on Thursday, 17 January 2008 07:26:54 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:08 GMT