W3C home > Mailing lists > Public > public-html@w3.org > January 2008

Re: New Input type proposal

From: Preston L. Bannister <preston@bannister.us>
Date: Tue, 15 Jan 2008 22:17:19 -0800
Message-ID: <7e91ba7e0801152217y7818de7dvc2c06f87cf6505af@mail.gmail.com>
To: "Geoffrey Sneddon" <foolistbar@googlemail.com>
Cc: public-html@w3.org
On Jan 14, 2008 6:27 AM, Geoffrey Sneddon <foolistbar@googlemail.com> wrote:

>
> On 11 Jan 2008, at 09:32, Preston L. Bannister wrote:
>
> > Folks, you are re-inventing the wheel, and repeating classic mistakes.
>
> The problem is all existing solutions have minor issues, see below:
>
> > There is a lack. It is (or should be) possible to do secure logins
> > across
> > unencrypted channels. What is needed is access to an encryption
> > library from
> > Javascript. That would be outside to scope of the HTML specification.
>
> ECMAScript cannot be the solution, for what is the purpose of
> encrypting data from some UAs (those that support ECMAScript) and not
> from those that don't? It creates additional complexity on the server
> having to determine whether a field is encrypted or not (though, with
> BC concerns, this would need to be done anyway). If we want to encrypt
> data, it should be from all HTML 5 UAs, and not just the subset
> thereof that support ECMAScript.
>

Is a UA that does not support Javascript viable?  I suspect the answer is
"not".
Received on Wednesday, 16 January 2008 06:17:24 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:29 UTC