Wikipedia:Articles for deletion/Host-proof hosting


 * The following discussion is an archived debate of the proposed deletion of the article below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review).  No further edits should be made to this page.

The result was delete. -- Cirt (talk) 13:27, 24 May 2010 (UTC)

Host-proof hosting


Coatrack spam -- Clipperz∙com buzzphrase with no independent notability. Google hits on this topic all relate to Clipperz product Passpack, mostly promotional and support. "the term host-proof hosting that my colleagues and I take sole credit for. We do not claim ownership of the concept. I am certain that others had the same or similar ideas at around the same time that we did. I also take credit for publishing the first (as far as I know) articles that explored the possibilities afforded by AJAX for implementing a zero-footprint (i.e., pure Javascript, no plugins, applets, etc.) solution for browser-based crypto. -- Talk:Host-proof_hosting" / edg ☺ ☭ 15:49, 17 May 2010 (UTC)
 * Note: This debate has been included in the list of Software-related deletion discussions.  —edg ☺ ☭ 16:04, 17 May 2010 (UTC)
 * Note: This debate has been included in the list of Internet-related deletion discussions.  -- Pcap  ping  16:04, 17 May 2010 (UTC)
 * Unlike the other clipperz spam (zero-knowledge web application), there are a couple of Google Books hits on this. The AJAX-centrism in this article makes me think that they are reinventing the wheel, and that there must be a more general terminology for this concept. Wasn't able to find it so far... Pcap ping  16:08, 17 May 2010 (UTC)
 * And there appear to be some good faith (albeit unsourced) edits discussing the technology. If this can be redirected or merged to whatever-this-is-properly-called, all the better. Otherwise this is an in-house name for a non-notable method. / edg ☺ ☭ 16:11, 17 May 2010 (UTC)


 * Delete - As well as the article looking a lot like WP:OR to me, I put in a couple of edits to the "risks and vulnerabilities" section to try and get across the fact that the whole concept is inherently insecure. Moonradar (talk) 18:26, 17 May 2010 (UTC)
 * Yeah, it's pretty obvious the concept has not been debated in any serious security publication. Your criticism however (a form of man-in-the-middle attack), although I agree with it, falls foul of WP:OR. However, this situation also highlights the need for WP:N: without coverage in credibly independent sources, a wiki article is bound to uncritically just regurgitate some primary source, which may not be a good idea in some cases, e.g. wp:fringe. So, I tend to agree that wholesale deletion may be the best option here. Pcap ping  18:48, 17 May 2010 (UTC)
 * There's a comment along your lines in the comments section of this video talk by Nate Lawson (comment #8). Since he is a published security researcher, it could be used as a source (allowable per WP:SPS). Pcap ping  19:06, 17 May 2010 (UTC)
 * Unsure. There is one book that covers this at some length, and it's independent of the subject, but it's only one source, and it's an AJAX book, not a security book (not even an Ajax security book—there are some of those as well). After presenting the pattern, the book author also writes: "There are no public real-world examples to my knowledge." A WP:NPOV presentation is currently impossible without some WP:OR criticism, and the only source is not terribly reliable for discussing security matters. Update: Apparently, there is criticism that can be sourced to a security researcher, so maybe this should be kept and fixed. Pcap ping  19:15, 17 May 2010 (UTC)


 * Delete The idea of host-proof-hosting is so fundamentally flawed (as partially explained in the article itself) that it is no wonder that it is not published in any respectable security venue (or, for that matter, any security venue). The main idea of host-proof-hosting is for a website to send some Javascript to the browser. This Javascript encrypts some data using a password entered by the user. The declared purpose of HPH is to remove the requirement for the user having to trust the website with the data. However, the system not only fails to achieve this (it is the very website that provides the Javascript that receives both the data and the user's password and can do with them pretty much whatever it likes, i.e. whatever the website likes), but it actually introduces a new vulnerability that does not exist in the absence of HPH. Namely, now the website must be trusted with the user's password. Users that re-use passwords (or passphrases) therefore expose themselves to a greater extent than is the case without HPH. All these points are so ridiculously obvious that I do not understand why the article still survives. —Preceding unsigned comment added by 134.58.253.57 (talk) 14:39, 20 May 2010 (UTC)
 * Interesting, but the ineffectiveness of this method is not by itself reason to delete the article. / edg ☺ ☭ 01:50, 23 May 2010 (UTC)
 * Delete, not notable. As a comment on the technique, I'd also point out that if it were possible, it would be nigh useless, since the server wouldn't be able to do anything but store data for the user. —Preceding unsigned comment added by Nuujinn (talk • contribs) 1:38:23, 22 May 2010 (UTC)
 * The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.