Re: New Input type proposal

On Jan 15, 2008, at 10:17 PM, "Preston L. Bannister" < 
 > wrote:

> On Jan 14, 2008 6:27 AM, Geoffrey Sneddon  
> <> wrote:
> On 11 Jan 2008, at 09:32, Preston L. Bannister wrote:
> > Folks, you are re-inventing the wheel, and repeating classic  
> mistakes.
> The problem is all existing solutions have minor issues, see below:
> > There is a lack. It is (or should be) possible to do secure logins
> > across
> > unencrypted channels. What is needed is access to an encryption
> > library from
> > Javascript. That would be outside to scope of the HTML  
> specification.
> ECMAScript cannot be the solution, for what is the purpose of
> encrypting data from some UAs (those that support ECMAScript) and not
> from those that don't? It creates additional complexity on the server
> having to determine whether a field is encrypted or not (though, with
> BC concerns, this would need to be done anyway). If we want to encrypt
> data, it should be from all HTML 5 UAs, and not just the subset
> thereof that support ECMAScript.
> Is a UA that does not support Javascript viable?  I suspect the  
> answer is "not".

It's not any less viable than a UA that allows ECMAScript to be turned  

Received on Thursday, 17 January 2008 07:26:54 UTC