Here I thought I was going to be clever and figure out a way to encrypt browser input going to the server using a fancy-schmancy JavaScript public-key encryption mechanism. I would really like to be rid of SSL if at all possible. However, after wasting far too much time on it, I have given up and resigned myself to using SSL again.
The biggest problem with JavaScript public-key encryption is STORING the key. I thought maybe I’d be able to use Dojo’s Flash-based storage mechanism, but that thing is so undocumented and so hard to use that I couldn’t figure it out and I finally gave up. The other hard part is generating a keypair on the client that will work on the server as well, which is not quite as easy as I thought it would be. This guy got it working in one direction, but he had to use the server to generate the private key, which means you have to somehow send it to the client securely, which is easier said than done. The only way I could think of to do it was to provide it via an SSL-secured connection, at which point why not just go ahead and make the entire app SSL-secured and not bother with it?
Anyway, after wasting too much time on this I am surrendering to SSL and moving on. Someday I’ll attack this problem from my rocking chair in the retirement home or something.
Oh yeah, by the way, has anyone else realized that the only pages that are typically ever secured on Web-based applications are the pages where you input your credit card to pay for it? Did you know that something as simple as the Compose Email form in Gmail sends everything you input in plain text? How does this kind of security still fly in this day and age?








