[whatwg] meta="encrypt" tag is needed
Tab Atkins Jr.
jackalmage at gmail.com
Thu May 6 10:10:57 PDT 2010
On Thu, May 6, 2010 at 5:44 AM, <juuso_html5 at tele3d.net> wrote:
> <meta="encrypt" pubkey="ABABAEFEF2626EFEFEF" pubtool="EC256-AES|RSA2048-AES"
> passsalt="no|domainname" auth="verisign">
>
> Please try to fully decrypt the above meta-encrypt tag and *see* how the
> browser-server communication could utilize it. (HINT: browser submits a
> (session specific) 256bit elliptic curve public key to the server inside
> every URI-request AND if the target page has meta-encrypt tag, the server
> uses the browser's elliptic curve key and encrypts the page content with
> that.) It is very simple, doable and STATELESS. And in html5 it would
> eliminate some of the biggest real life security threats at the internet. If
> you *could* learn and instinctly use the above meta-encrypt tag then it
> should be enough simple for actual usage.
Rather than ask us to figure it out ourselves, and possibly get it
wrong and have to be corrected, why don't you just tell us:
1) What the exact problem is you're trying to solve
2) What your suggestion is
3) How your suggestion solves the problem
4) How it is better than existing solutions to that problem
It's generally a much better use of my time to read something that's
well-thought out and explained than to try and decipher a clever idea
that someone had but doesn't want to fully explain.
~TJ
More information about the whatwg
mailing list