[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Encrypted Web Pages?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Encrypted Web Pages?
From: Martin Fick <mogulguy@xxxxxxxxx>
Date: Mon, 17 Dec 2007 08:41:52 -0800 (PST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 17 Dec 2007 11:42:01 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=Fgrf9Y3WKna4R1wGck53MqaMrqq28NRsjeQyx7pEwKYJqVr2ClidPQbnAsiean1x1GDkAYPmdFqN4WxnR5SCTS7uFYyEBt47I13hTcuCXNoqOZRqbcVoMZG6IUjsiAf/DQP0OBYDAZ7kvS4exLuX9NK+WWjNVJGzygLa+iqBXKM=;
In-reply-to: <4766951E.8060607@xxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

--- Michael Holstein <michael.holstein@xxxxxxxxxxx>
wrote:
> 
> > I have what may perhaps seem like a strange
> > question. Is there any commonly used software for 
> > encrypting and decrypting web pages?  
> >   
> 
> > Let me explain that a little better:  
> > imagine a web
> > site which has content destined for specific
> > individuals.  For each individual there is
> > separate content on separate pages, and no 
> > one but the individual for whom the content 
> > is destined should be able to read the 
> > content, not even the creator of the content!
> >
> > In other words, is there a private/public key
> > mechanism similar to PGP (or even a PGP web page
> > plugin) that will work transparently while
> > browsing the web?  The transparently part would 
> > mean that a user can provide a private key to a 
> > browser and any
> > pages encrypted with the user's public key would
> > automatically be decrypted for him when he views
> > them.

...
<cut all SSL suggestions which did not seem to
be applicable to the hostile server scenarrio>
...

> If you had a scenario where you needed to deploy a
> webserver in "hostile territory" and needed to 
> ensure the security of the data thereon, 

Yes, that is the scenario I am trying to deal 
with.  When it comes to anonymity/secure 
communications I would assume all hosting 
services could be hostile.

> you 
> could conceivably gzip and GPG each .html page and
> associated items with multiple public keys based on 
> some other criteria (like what cert the 
> browser provided) and then let the end-user decrypt
> it with their private .. but this definitely won't 
> be "automatic" 

Yes the fallback is a manual process, I 
was looking for an automated way, say by 
using SSL in some weird way where the SSL 
was preencrypted on the server and 
without a client key negotitation since 
the client already has the key to decrypt 
it?  But I can't figure that one out, 
plus it would seem to require a different 
web server (different key) for each user!

> .. but you could wrap it in Java to make 
> it somewhat portable if you wanted. 

For portability?  Java is the least portable 
language I have ever programmed in! ;)

Despite my bias, an embedded java app 
would not work since it would be 
controlled (provided) by the hostile 
server right?

-Martin

      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

Follow-Ups:
- Re: Encrypted Web Pages?
  - From: Michael Holstein

References:
- Re: Encrypted Web Pages?
  - From: Michael Holstein

Prev by Author: Encrypted Web Pages?
Next by Author: Re: Encrypted Web Pages?
Previous by thread: Re: Encrypted Web Pages?
Next by thread: Re: Encrypted Web Pages?
Index(es):
- Author
- Thread