Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.) from Ben Maurer on 2014-10-16 (public-whatwg-archive@w3.org from October 2014)

From: Ben Maurer <ben.maurer@gmail.com>
Date: Thu, 16 Oct 2014 14:31:59 +0200
To: Anne van Kesteren <annevk@annevk.nl>
Cc: whatwg <whatwg@lists.whatwg.org>, Mike West <mkwst@google.com>, Sigbjørn Vik <sigbjorn@opera.com>, John Mellor <johnme@google.com>, rescator@emsai.net
Message-ID: <CABgOVa+x_v6cT_LA8FpCsoycUxtaLNoeL4cOa_nnqpg_jSYcvA@mail.gmail.com>

Correct. For example, if you used CloudFlare to terminate your SSL traffic,
this measure would prevent CloudFlare from ever seeing your passwords. The
key to decrypt the password (or CC#) can be limited to the absolute minimal
surface area necessary.

On Thu, Oct 16, 2014 at 2:27 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Thu, Oct 16, 2014 at 2:22 PM, Ben Maurer <ben.maurer@gmail.com> wrote:
> > It reduces the number of systems which are exposed
> > to the password.
>
> You mean after the password arrives at the server? Because for
> transfer we should advocate TLS.
>
>
> --
> https://annevankesteren.nl/
>

Received on Thursday, 16 October 2014 12:32:27 UTC