- From: Xatr0z <xatr0z@home.nl>
- Date: Sat, 16 Nov 2002 17:24:09 +0100
- To: "Toby Inkster" <tobyink@goddamn.co.uk>
- Cc: <www-forms@w3.org>, <www-html@w3.org>, <www-html-editor@w3.org>
[snip]

> | > b) MD5 isn't even encryption -- it's a hash -- not reversible. Thus
> | > the server couldn't decode the information at the other end anyway!
> |
> | Yes, but a lot of systems use MD5 hashes in databases, for passwords by
> | example.
>
> That is true, but if everybody did what you suggested, we would just be
> relying on md5(password) to log in instead of password. The md5(password)
> would be passed in plain text and could be intercepted and used by an
> attacker.

I don't exactly understand what you mean. You say that if the HTTP client sends the MD5 password instead of a text/plain password, that it "is passed in plain text". That's not true, an MD5 hash is passed!

> | > c) Why bother when we already have HTTPS? HTTPS provides security
> | > infinitely better than all the methods you have suggested.
> |
> | I think HTTP should be safe.
>
> With a lot of improvements, a cardboard box could be made safe, but for
> keeping things locked up, people prefer to use proper metal safes.
> Cardboard boxes and safes are both useful for keeping things in -- but in
> different ways.
>
> HTTP should be used when security isn't important. HTTPS should be used
> when security is important.

Yes, maybe you're right in this one, people should not make everything secure if it could be easier. But, if we put this in HTML/HTTP, it stays as easy as it is today and it is more secure. I don't see why this isn't inserted in HTTP/HTML, and you don't give any arguments. Also, not everyone has an HTTPS server. Most WWW activity is with HTTP.

> | > d) HTML is dead, there are no plans to recommend any further versions.
> |
> | I personally think this is a bad idea, HTML is still used a lot on the
> | WWW.
>
> There is nothing to stop people using it, but there are no plans to make
> any new versions after 4.01. All improvements are going into XHTML, which
> is a more easily extensible format.

If W3C doesn't want to improve HTML, it's their choice, but why not start improving HTML again, but on a small scale? If you don't do it, HTTP servers and clients will do it, and create their own standards, which would be a bad thing. I ask you guys from W3C, please start improving HTML again. I see that HTML has "grown up", but that doesn't mean that people won't use HTML anymore.

Regards,
D. Willems "Xatr0z"
<xatr0z at users dot sourceforge dot net>
Received on Saturday, 16 November 2002 11:26:01 UTC
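
The replay concern raised in the quoted reply, as an added example that is not part of the original message: a server that accepts md5(password) from a form also accepts the same value from anyone who recorded it, while a single-use server nonce makes a recorded response useless for a second login. The nonce scheme, the function and class names and the sample password are assumptions introduced here, and the example goes beyond the thread by showing that alternative.

```python
import hashlib
import hmac
import secrets

PASSWORD = "example-password"  # constructed sample credential

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

STORED = md5_hex(PASSWORD)  # what the server's password table holds

def static_login(received_hash):
    """Scheme from the thread: the form posts md5(password) over plain HTTP."""
    return hmac.compare_digest(received_hash, STORED)

def respond(password_hash, nonce):
    """Client side: HMAC-SHA256 over the nonce, keyed with md5(password)."""
    return hmac.new(password_hash.encode(), nonce.encode(), hashlib.sha256).hexdigest()

class NonceLogin:
    """Assumed alternative: the server issues a single-use nonce per attempt."""
    def __init__(self):
        self.open_nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.open_nonces.add(nonce)
        return nonce

    def check(self, nonce, response):
        if nonce not in self.open_nonces:
            return False  # unknown or already-used nonce
        self.open_nonces.discard(nonce)
        return hmac.compare_digest(response, respond(STORED, nonce))

def demo():
    captured = md5_hex(PASSWORD)  # the value a listener on the wire records
    server = NonceLogin()
    nonce = server.challenge()
    answer = respond(md5_hex(PASSWORD), nonce)
    return {
        "static_replay": static_login(captured),      # hash works as the password
        "nonce_first": server.check(nonce, answer),   # legitimate login
        "nonce_replay": server.check(nonce, answer),  # same nonce, already spent
        "nonce_stale": server.check(server.challenge(), answer),  # old answer, new nonce
    }

if __name__ == "__main__":
    print(demo())
```

The nonce only stops reuse of a recorded login; the stored hash is still a password equivalent if the database leaks, and neither scheme protects the rest of the session the way HTTPS does.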