W3C home > Mailing lists > Public > www-forms@w3.org > November 2002

Re: Idea for securityfix in HTML

From: Toby Inkster <tobyink@goddamn.co.uk>
Date: Fri, 15 Nov 2002 22:34:07 +0000
To: <www-forms@w3.org>, <www-html@w3.org>, <www-html-editor@w3.org>
Message-Id: <20021115223407.7f43c379.tobyink@goddamn.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 15 Nov 2002 23:04:18 +0100
"Xatr0z" <xatr0z@home.nl> wrote:

| We hope this idea will be included in the W3C standards of HTML and
| XHTML.

I deeply hope this is a troll.

This is a terrible idea for the following reasons:

a) Rot13 and Base64 provide no security at all. Assuming rot13'd data is intercepted, it can be easily decoded by a 10 year old with a pen and paper.

b) MD5 isn't even encryption -- it's a hash -- not reversible. Thus the server couldn't decode the information at the other end anyway!

c) Why bother when we already have HTTPS? HTTPS provides security infinitely better than all the methods you have suggested.

d) HTML is dead, there are no plans to recommend any further versions.

- - -- 
Toby A Inkster BSc ARCS
PGP:      http://www.goddamn.co.uk/tobyink/node.cgi?id=12
Web Page: http://www.goddamn.co.uk/tobyink/
IM:       AIM:inka80 ICQ:6622880 YIM:tobyink Jabber:tobyink@a-message.de

My pants just went to high school in the Carlsbad Caverns!!!
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE91XYVzr+BKGoqfTkRAjAyAJwIu30es9UR0UQdmsnFnDrYmb4zLACgkkH1
P0W0EoceSB3wMrhGtfpmEpQ=
=yTWv
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE91XZfzr+BKGoqfTkRAoA+AJ9Pg03tSLoI0zaxLqQr/rjcJ5viOQCgo9k2
N8pJC2rtKpl8wKrQ49JWjsI=
=8iL+
-----END PGP SIGNATURE-----
Received on Friday, 15 November 2002 17:34:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:21:54 GMT