[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Encrypted Web Pages?
On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote:
:Considering the amount of bugs and weaknesses found regularly (and not
:found) in common browser software (open source or not), it's not a
:well-advised practice to trust a browser handling of sensitive private keys.
While I agree, this isn't the only way to implement such a
system. Teh browser could hand off encrypted content to a external
appliction to hadle the decryption.
What about just HTTPS with user certificates? you get both proof of identity
and a means of encrypting data to that identity, yes? What are you
doing that isn't covered by this?
I may be missing something about the implications of HTTPS, but you
could certainly key pgp public keys to x.509 identities if you wanted
to keep static data gpg encrypted on the server.
-Jon