W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] meta="encrypt" tag is needed

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 3 Aug 2010 20:29:33 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1008031949150.7470@ps20323.dreamhostps.com>
On Thu, 6 May 2010, juuso_html5 at tele3d.net wrote:
> <meta="encrypt" pubkey="ABABAEFEF2626EFEFEF" 
> pubtool="EC256-AES|RSA2048-AES" passsalt="no|domainname" 
> auth="verisign">
> Please try to fully decrypt the above meta-encrypt tag and *see* how the 
> browser-server communication could utilize it. (HINT: browser submits a 
> (session specific) 256bit elliptic curve public key to the server inside 
> every URI-request AND if the target page has meta-encrypt tag, the 
> server uses the browser's elliptic curve key and encrypts the page 
> content with that.) It is very simple, doable and STATELESS. And in 
> html5 it would eliminate some of the biggest real life security threats 
> at the internet. If you *could* learn and instinctly use the above 
> meta-encrypt tag then it should be enough simple for actual usage.

What problem is this solving?

Please see the WHATWG FAQ for details on how to propose features:


Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 3 August 2010 13:29:33 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:25 UTC