Encrypted Web Pages?
Martin Fick
mogulguy at yahoo.com
Mon Dec 17 17:55:12 UTC 2007
It is now clear to me that I have been
unclear about the requirements. Let
me try to be more explicit.
1) I am looking for a "point2point",
"sender 2 receiver", secure encrypted
web page mechanism.
2) Senders are untrusted to recipients.
3) Web server is untrusted to recipients.
4) Senders create the encrypted web page
content and post it to an untrusted #3)
web server destined for specific
individual recipients.
5) Once posted to the web server, senders
are expected, but not guranteed to
(see #2) to delete all plain text
versions of the web pages.
6) The web server should never see plain
text versions of the web pages (see #3.)
7) One web page is destined for one single
user, i.e. it is encrypted with one
public key ony. If the sender needs to
send the same message to multiple
recipients, he will simply create
multiple web pages and no one even
needs to know this.
8) Any web server side access mechanim can
only be used to manage web pages, not
for data access (see #3.) In other
words, there could be web server side
access mechanisms to control the
posting and deleting of web pages, but
not the decrypting of web pages.
I do not think that the scenario you
specified below meets #3, #5, #6
or #8 which I just specified :), or
does it?
Thanks for the suggestions though,
-Martin
--- "Jonathan D. Proulx" <jon at csail.mit.edu> wrote:
> You use X.509 personal certificates to authenticate
> the user, this is relatively straight forward and
> standard.
> Once you have established identity with X.509 you
> tie that identity to
> a gpg||pgp public key. Presuambly you would
> establish this initial
> mapping at account creation, where you could
> generate the client
> cretificate and request the user upload their public
> key. Now
> whenever you see that certificate you know which key
> to use for
> encryption, decryption stays on the user end. Your
> app should
> probably check keyserver for key revocations so it
> doesn't lead data to a compromised key.
>
> -Jon
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
More information about the tor-talk
mailing list