Encrypted Web Pages?
Martin Fick
mogulguy at yahoo.com
Mon Dec 17 16:41:52 UTC 2007
--- Michael Holstein <michael.holstein at csuohio.edu>
wrote:
>
> > I have what may perhaps seem like a strange
> > question. Is there any commonly used software for
> > encrypting and decrypting web pages?
> >
>
> > Let me explain that a little better:
> > imagine a web
> > site which has content destined for specific
> > individuals. For each individual there is
> > separate content on separate pages, and no
> > one but the individual for whom the content
> > is destined should be able to read the
> > content, not even the creator of the content!
> >
> > In other words, is there a private/public key
> > mechanism similar to PGP (or even a PGP web page
> > plugin) that will work transparently while
> > browsing the web? The transparently part would
> > mean that a user can provide a private key to a
> > browser and any
> > pages encrypted with the user's public key would
> > automatically be decrypted for him when he views
> > them.
...
<cut all SSL suggestions which did not seem to
be applicable to the hostile server scenarrio>
...
> If you had a scenario where you needed to deploy a
> webserver in "hostile territory" and needed to
> ensure the security of the data thereon,
Yes, that is the scenario I am trying to deal
with. When it comes to anonymity/secure
communications I would assume all hosting
services could be hostile.
> you
> could conceivably gzip and GPG each .html page and
> associated items with multiple public keys based on
> some other criteria (like what cert the
> browser provided) and then let the end-user decrypt
> it with their private .. but this definitely won't
> be "automatic"
Yes the fallback is a manual process, I
was looking for an automated way, say by
using SSL in some weird way where the SSL
was preencrypted on the server and
without a client key negotitation since
the client already has the key to decrypt
it? But I can't figure that one out,
plus it would seem to require a different
web server (different key) for each user!
> .. but you could wrap it in Java to make
> it somewhat portable if you wanted.
For portability? Java is the least portable
language I have ever programmed in! ;)
Despite my bias, an embedded java app
would not work since it would be
controlled (provided) by the hostile
server right?
-Martin
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
More information about the tor-talk
mailing list