top | item 43644748

(no title)

Edd314159 | 10 months ago

It has to, how would it deliver the password to the URL’s recipient otherwise?

I suppose to keep it fully stateless you could encode the password in the URL itself somehow, but then that would defeat the purpose of not having the secret hang around in perpetuity.

discuss

bn-usd-mistake|10 months ago

Encrypt password with a given key, send that to the server. Include the key in the `#fragment` of the URL to Share.

Edd314159|10 months ago

Oh I was just talking about the “transmitting to the server _at all_” part, but yeah some end-to-end encryption would be nice.