[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Encrypted Web Pages?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Encrypted Web Pages?
From: "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx>
Date: Mon, 17 Dec 2007 10:08:27 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 17 Dec 2007 10:08:37 -0500
In-reply-to: <47640B0E.1010801@xxxxxxxxx>
References: <204193.84523.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <47640B0E.1010801@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote:

:Considering the amount of bugs and weaknesses found regularly (and not
:found) in common browser software (open source or not), it's not a
:well-advised practice to trust a browser handling of sensitive private keys.

While I agree, this isn't the only way to implement such a
system. Teh browser could hand off encrypted content to a external
appliction to hadle the decryption.

What about just HTTPS with user certificates? you get both proof of identity
and a means of encrypting data to that identity, yes? What are you
doing that isn't covered by this?

I may be missing something about the implications of HTTPS, but you
could certainly key pgp public keys to x.509 identities if you wanted
to keep static data gpg encrypted on the server.

-Jon

Follow-Ups:
- Re: Encrypted Web Pages?
  - From: Martin Fick

References:
- Encrypted Web Pages?
  - From: Martin Fick
- Re: Encrypted Web Pages?
  - From: Vlad \"SATtva\" Miller

Prev by Author: Re: virtues of middlemen
Next by Author: Re: Encrypted Web Pages?
Previous by thread: Re: Encrypted Web Pages?
Next by thread: Re: Encrypted Web Pages?
Index(es):
- Author
- Thread