
Re: Encrypted Web Pages?



--- "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx> wrote:
> On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad
> SATtva Miller wrote:

...
> What about just HTTPS with user certificates? you
> get both proof of identity and a means of 
> encrypting data to that identity, yes? 

Is there a mechanism to use HTTPS to 
pre-encrypt web pages so that they 
are encrypted on the server (and so the 
server does not have the keys to decrypt 
them!)? Also, is there a mechanism for the 
user to provide the decrypting key to the 
browser?

> What are you doing that isn't covered by this?

My initial constraints are that once the data
is put on the server, no one except for
the intended recipient could decrypt it, 
including the original poster, server admin...

> I may be missing something about the 
> implications of HTTPS, but you could 
> certainly key pgp public keys to x.509
> identities if you wanted to keep static 
> data gpg encrypted on the server.

I'm not sure that I understand this 
suggestion; could you be more explicit?
Are you suggesting simply limiting access
to the data by certificate (i.e. server-side
limiting)?  That would not satisfy
my trust model; the server should be
assumed to be untrusted.

-Martin
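
The constraint stated in this message (an untrusted server that stores only data the intended recipient can decrypt, with even the poster locked out) can be met by encrypting to the recipient's X.509 certificate before upload. The following is an added example, not part of the original thread, using `openssl cms`; the file names, CNs and page content are constructed.

```shell
#!/bin/sh
# Added illustration; identities, file names and page content are constructed.

# make_identity NAME: self-signed X.509 certificate and private key for NAME.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# encrypt_for CERT IN OUT: runs on the poster's machine before upload.
# Only the recipient's public certificate is needed, never a private key.
# CMS EnvelopedData gives confidentiality only; sign the page as well if the
# recipient must detect tampering by the server.
encrypt_for() {
    openssl cms -encrypt -binary -aes256 -in "$2" -outform DER -out "$3" "$1"
}

# decrypt_as NAME IN OUT: runs on NAME's machine after download.
decrypt_as() {
    openssl cms -decrypt -binary -inform DER -in "$2" \
        -recip "$1.crt" -inkey "$1.key" -out "$3" 2>/dev/null
}

# demo: prints one line per property of the trust model.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    make_identity recipient && make_identity poster || exit 1
    printf '<html><body>constructed secret page</body></html>\n' > page.html

    encrypt_for recipient.crt page.html page.cms   # page.cms is all the server stores

    if grep -q 'constructed secret' page.cms; then echo "server: plaintext visible"
    else echo "server: ciphertext only"; fi

    # The poster holds the recipient's certificate but not the matching key.
    if decrypt_as poster page.cms poster.out; then echo "poster: decrypted"
    else echo "poster: cannot decrypt"; fi

    if decrypt_as recipient page.cms recipient.out && cmp -s page.html recipient.out
    then echo "recipient: decrypted"
    else echo "recipient: cannot decrypt"; fi

    cd / && rm -rf "$dir"
)

demo
```

The poster can no longer read the stored file only if the plaintext `page.html` is deleted after encryption; HTTPS would then protect nothing but the transport of `page.cms`.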


