W3C home > Mailing lists > Public > public-html@w3.org > January 2008

Re: New Input type proposal

From: Geoffrey Sneddon <foolistbar@googlemail.com>
Date: Mon, 14 Jan 2008 14:27:16 +0000
Cc: public-html@w3.org
Message-Id: <49CC9B5B-441F-4A79-807A-CBB2D63031F1@googlemail.com>
To: Preston L. Bannister <preston@bannister.us>

On 11 Jan 2008, at 09:32, Preston L. Bannister wrote:

> Folks, you are re-inventing the wheel, and repeating classic mistakes.

The problem is all existing solutions have minor issues, see below:

> There is a lack. It is (or should be) possible to do secure logins  
> across
> unencrypted channels. What is needed is access to an encryption  
> library from
> Javascript. That would be outside to scope of the HTML specification.

ECMAScript cannot be the solution, for what is the purpose of  
encrypting data from some UAs (those that support ECMAScript) and not  
from those that don't? It creates additional complexity on the server  
having to determine whether a field is encrypted or not (though, with  
BC concerns, this would need to be done anyway). If we want to encrypt  
data, it should be from all HTML 5 UAs, and not just the subset  
thereof that support ECMAScript.


--
Geoffrey Sneddon
<http://gsnedders.com/>



Received on Monday, 14 January 2008 14:27:49 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:29 UTC