- From: Geoffrey Sneddon <foolistbar@googlemail.com>
- Date: Mon, 14 Jan 2008 14:27:16 +0000
- To: Preston L. Bannister <preston@bannister.us>
- Cc: public-html@w3.org
Received on Monday, 14 January 2008 14:27:49 UTC
On 11 Jan 2008, at 09:32, Preston L. Bannister wrote: > Folks, you are re-inventing the wheel, and repeating classic mistakes. The problem is all existing solutions have minor issues, see below: > There is a lack. It is (or should be) possible to do secure logins > across > unencrypted channels. What is needed is access to an encryption > library from > Javascript. That would be outside to scope of the HTML specification. ECMAScript cannot be the solution, for what is the purpose of encrypting data from some UAs (those that support ECMAScript) and not from those that don't? It creates additional complexity on the server having to determine whether a field is encrypted or not (though, with BC concerns, this would need to be done anyway). If we want to encrypt data, it should be from all HTML 5 UAs, and not just the subset thereof that support ECMAScript. -- Geoffrey Sneddon <http://gsnedders.com/>
Received on Monday, 14 January 2008 14:27:49 UTC