- From: Xatr0z <xatr0z@home.nl>
- Date: Sat, 16 Nov 2002 11:07:43 +0100
- To: <www-forms@w3.org>, <www-html@w3.org>, <www-html-editor@w3.org>
- Message-ID: <005c01c28d58$019cffe0$44b479d9@emmen1.dr.home.nl>
----- Original Message -----
From: Toby Inkster <tobyink@goddamn.co.uk>
To: Xatr0z <xatr0z@users.sourceforge.net>; <www-html-request@w3.org>
Sent: Friday, November 15, 2002 11:32 PM
Subject: Re: Idea for securityfix in HTML

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 15 Nov 2002 23:04:18 +0100
> "Xatr0z" <xatr0z@home.nl> wrote:
>
> | We hope this idea will be included in the W3C standards of HTML and
> | XHTML.

[snip]

> This is a terrible idea for the following reasons:
>
> a) Rot13 and Base64 provide no security at all. Assuming rot13'd data is intercepted, it can be easily decoded by a 10 year old with a pen and paper.

It was an example, we were just numbering some encryptions.

> b) MD5 isn't even encryption -- it's a hash -- not reversible. Thus the server couldn't decode the information at the other end anyway!

Yes, but a lot of systems use MD5 hashes in databases, for passwords for example.

> c) Why bother when we already have HTTPS? HTTPS provides security infinitely better than all the methods you have suggested.

I think HTTP should be safe.

> d) HTML is dead, there are no plans to recommend any further versions.

I personally think this is a bad idea, HTML is still used a lot on the WWW.

Regards,
D. Willems "Xatr0z" <xatr0z at users.sourceforge.net>
Received on Saturday, 16 November 2002 05:09:37 UTC