[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Encrypted Web Pages?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Encrypted Web Pages?
From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Date: Mon, 17 Dec 2007 11:55:56 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 17 Dec 2007 12:07:51 -0500
In-reply-to: <632148.11850.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <632148.11850.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

Despite my bias, an embedded java appwould not work since it would becontrolled (provided) by the hostileserver right?

You could sign the applet with a key provided to your clients, sinceyou're using a distribution model where you have known end-users (as youneed their keys to encrypt the data).

My thought on Java was to be able to automate the key scheme within thebrowser, versus requiring them download a .gz.gpg file and decrypt it ontheir own. A (sort-of) working example of this is how HushMail does it(using Java to code the PGP stuff).


It's an interesting threat model though :)

~Mike.

Follow-Ups:
- Re: Encrypted Web Pages?
  - From: Martin Fick

References:
- Re: Encrypted Web Pages?
  - From: Martin Fick

Prev by Author: Re: Encrypted Web Pages?
Next by Author: Re: Encrypted Web Pages?
Previous by thread: Re: Encrypted Web Pages?
Next by thread: Re: Encrypted Web Pages?
Index(es):
- Author
- Thread