- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 3 Aug 2010 20:29:33 +0000 (UTC)
On Thu, 6 May 2010, juuso_html5 at tele3d.net wrote: > > <meta="encrypt" pubkey="ABABAEFEF2626EFEFEF" > pubtool="EC256-AES|RSA2048-AES" passsalt="no|domainname" > auth="verisign"> > > Please try to fully decrypt the above meta-encrypt tag and *see* how the > browser-server communication could utilize it. (HINT: browser submits a > (session specific) 256bit elliptic curve public key to the server inside > every URI-request AND if the target page has meta-encrypt tag, the > server uses the browser's elliptic curve key and encrypts the page > content with that.) It is very simple, doable and STATELESS. And in > html5 it would eliminate some of the biggest real life security threats > at the internet. If you *could* learn and instinctly use the above > meta-encrypt tag then it should be enough simple for actual usage. What problem is this solving? Please see the WHATWG FAQ for details on how to propose features: http://wiki.whatwg.org/wiki/FAQ#Is_there_a_process_for_adding_new_features_to_a_specification.3F -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 3 August 2010 13:29:33 UTC