[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Encrypted Web Pages?
--- "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx> wrote:
> On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad
> SATtva Miller wrote:
...
> What about just HTTPS with user certificates? you
> get both proof of identity and a means of
> encrypting data to that identity, yes?
Is there a mechanism to use HTTPS to
preencrypt web pages so that they
are encrypted on the server (and so the
server does not have the keys to decrypt
them!) Also is there a mechanism for the
user to provide the decrypting key to the
browser?
> What are you doing that isn't covered by this?
My initial constraints are that once the data
is put on the server that no one except for
the intended recipient could decrypt it,
including the original poster, server admin...
> I may be missing something about the
> implications of HTTPS, but you could
> certainly key pgp public keys to x.509
> identities if you wanted to keep static
> data gpg encrypted on the server.
I'm not sure that I understand this
suggestion, could you be more explicit?
Are you suggesting simply limiting access
to the data by certificate (i.e server
side limiting?) That would not satisfy
my trust model, the server should be
assumed to be untrusted.
-Martin
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping