Re: Idea for securityfix in HTML

----- Original Message -----
From: Toby Inkster <>
To: Xatr0z <>; <>
Sent: Friday, November 15, 2002 11:32 PM
Subject: Re: Idea for securityfix in HTML

> Hash: SHA1
> On Fri, 15 Nov 2002 23:04:18 +0100
> "Xatr0z" <> wrote:
> | We hope this idea will be included in the W3C standards of HTML and
> | XHTML.


> This is a terrible idea for the following reasons:
> a) Rot13 and Base64 provide no security at all. Assuming rot13'd data is
intercepted, it can be easily decoded by a 10 year old with a pen and paper.

It was an example, we were just numbering some encryptions.

> b) MD5 isn't even encryption -- it's a hash -- not reversible. Thus the
server couldn't decode the information at the other end anyway!

Yes, but a lot of systems use MD5 hashes in databases, for passwords by

> c) Why bother when we already have HTTPS? HTTPS provides security
infinitely better than all the methods you have suggested.

I think HTTP should be save.

> d) HTML is dead, there are no plans to recommend any further versions.

I personaly think this is a bad idea, HTML is still used a lot on the WWW.


D. Willems "Xatr0z" <xatr0z at>

Received on Saturday, 16 November 2002 05:09:37 UTC