[whatwg] meta="encrypt" tag is needed
fmigacz at gmail.com
Fri May 7 07:44:38 PDT 2010
On Thu, May 6, 2010 at 8:44 AM, <juuso_html5 at tele3d.net> wrote:
> <meta="encrypt" pubkey="ABABAEFEF2626EFEFEF"
> passsalt="no|domainname" auth="verisign">
I see a few shortcomings in this approach:
a) each document is encrypted asymmetrically, affecting performance.
b) there is no management of keys (expiration, revocation, trust, etc).
c) the values for the pubtool attribute (encryption algorithm) will need to
be spec'd, slowing the deployment of new encryption algorithms (or better
d) how to handle XMLHttpRequests? how to handle XHRs receiving JSON or text?
e) information from the UA to the server is plaintext (e.g.,
logon/passwords). If, instead, authentication relies only on possession of
the user's private key; then, any human can sit at the user's console and
automatically authenticate to all HTTP servers.
I'd prefer a radically different approach (TLS = out of scope).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg