[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Encrypted Web Pages?



On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin Fick wrote:

:> It's an interesting threat model though :)
:
:Yes, but it really is a fairly simple one.
:I am surprised that HTML does not seem
:to have some extension to deal with this
:already.  It is not much different from 
:encrypted email concepts, just that the 
:browser needs the ability to do the
:decrypting instead of your mail program.  
:The simplest fallback may be to simply 
:open the web page with the user's mailer 
:(if their mailer supports that,)


The major difference is that email was designed personal
correspondence, and evolved along those one to one lines.  HTTP is a
publishing mechanisim in which you usually want people to see it, or
restrict viewing to a group and is thus centered around one to many
(or in "web2.0" land many to many) communication lines.

So I can understand why there isn't a ready made solution, using HTTP
for secure one to one communication on an untrusted server just isn't
something that's done, and secure one to many is done by owning and
securing the server.

This isn't to reflect on you're application except to say it's
uncommon.

-Jon