[Spec] Spec (un)freezes and the spec's future

Simon gemini at g-n.site
Mon Dec 21 21:30:48 GMT 2020


As I wrote to Solderpunk before I subscribed to this mailing list, the spec 
should add something about input logging:

There is no information about input logging. I think a page asking 
for sensitive information must not log the user input.

For instance, if the page "/sensitive" returns an 11 code when there is no 
input, then it must not log inputs when there is one.

The problem is if an application needs a user password, then even if the 
password is well stored, it will remain in plain text in logs.


It would be better to have this:

```
127.0.0.1 [30/Nov/2020:11:10:15 +0100] "gemini://localhost/password" 11 Password: 14
127.0.0.1 [30/Nov/2020:11:10:21 +0100] "gemini://localhost/password?" 30 / 6
127.0.0.1 [30/Nov/2020:11:10:22 +0100] "gemini://localhost/" 20 text/gemini 27
```

instead of this (this output comes from a test done with jetforce):

```
127.0.0.1 [30/Nov/2020:11:10:15 +0100] "gemini://localhost/password" 11 Password: 14
127.0.0.1 [30/Nov/2020:11:10:21 +0100] "gemini://localhost/password?secret_password" 30 / 6
127.0.0.1 [30/Nov/2020:11:10:22 +0100] "gemini://localhost/" 20 text/gemini 27
```

Logging normal input but not sensitive input can be annoying. **Not 
logging any input at all can be considered an easier way.** Then all input 
can be considered sensitive, and sensitive inputs additionally need to 
prevent shoulder surfers.

Also, sensitive inputs should not remain in the client history, if there 
is one.
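One way a server could implement both variants described in this post (redact only the input sent to a path that answered status 11, or log no input at all), as an added example that is neither jetforce code nor part of the original post. The server-side interface is assumed: the server calls `record` once per request with the client address, timestamp string, requested URL, response status, meta line and byte count, and the logger learns which paths are sensitive from the 11 responses it has already seen (or from `mark_sensitive`, since a freshly restarted process has seen none yet). The log lines are constructed to match the format shown above.

```python
"""Gemini access log that never writes sensitive user input to disk."""
from urllib.parse import urlsplit, urlunsplit

STATUS_INPUT = 10            # Gemini status 10: prompt for ordinary input
STATUS_SENSITIVE_INPUT = 11  # Gemini status 11: prompt for sensitive input


class GeminiAccessLog:
    def __init__(self, log_input=True):
        # log_input=False is the "easier way" from the post: no query string
        # is ever written, so every input is treated as sensitive.
        self.log_input = log_input
        # Paths that answered 11 to an input-less request. Learned at runtime
        # from the server's own responses, so the logger needs no
        # handler-specific knowledge. Per-process only: see mark_sensitive().
        self.sensitive_paths = set()
        self.lines = []

    def mark_sensitive(self, path):
        """Pre-register a path (e.g. at startup) so its input is redacted
        even before any 11 response has been observed in this process."""
        self.sensitive_paths.add(path)

    def redact(self, url):
        """Return the URL as it may appear in the log."""
        parts = urlsplit(url)
        if parts.query == "":
            return url  # nothing the user typed is in this URL
        if self.log_input and parts.path not in self.sensitive_paths:
            return url  # ordinary (status 10) input, logged as-is
        # Keep a bare "?" so the line still shows that input was submitted,
        # without the submitted value itself.
        return urlunsplit((parts.scheme, parts.netloc, parts.path, "", "")) + "?"

    def record(self, client, timestamp, url, status, meta, size):
        """Append one access-log line and return it."""
        parts = urlsplit(url)
        # An 11 for a URL without a query marks the path as sensitive; the
        # client's next request to it carries the secret in the query string.
        if parts.query == "" and status == STATUS_SENSITIVE_INPUT:
            self.sensitive_paths.add(parts.path)
        line = f'{client} [{timestamp}] "{self.redact(url)}" {status} {meta} {size}'
        self.lines.append(line)
        return line


def replay_post_example(log_input=True):
    """Replay the three requests from the post (constructed sample data)
    and return the resulting log lines."""
    log = GeminiAccessLog(log_input=log_input)
    requests = [
        ("30/Nov/2020:11:10:15 +0100", "gemini://localhost/password", 11, "Password:", 14),
        ("30/Nov/2020:11:10:21 +0100", "gemini://localhost/password?secret_password", 30, "/", 6),
        ("30/Nov/2020:11:10:22 +0100", "gemini://localhost/", 20, "text/gemini", 27),
    ]
    for timestamp, url, status, meta, size in requests:
        log.record("127.0.0.1", timestamp, url, status, meta, size)
    return log.lines


if __name__ == "__main__":
    for line in replay_post_example():
        print(line)
```

The redaction decision is made from the path alone, not from the status of the request being logged: the request that carries the secret is answered with 30 (or 20), so its own status says nothing about sensitivity. The learned set is lost on restart, which is why handlers that know they prompt with 11 should also call `mark_sensitive` at startup.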

