[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Encrypted Web Pages?
--- "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx> wrote:
> On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin
> Fick wrote:
>
> :> It's an interesting threat model though :)
> :
> :Yes, but it really is a fairly simple one.
> :I am surprised that HTML does not seem
> :to have some extension to deal with this
> :already. It is not much different from
> :encrypted email concepts, just that the
> :browser needs the ability to do the
> :decrypting instead of your mail program.
> :The simplest fallback may be to simply
> :open the web page with the user's mailer
> :(if their mailer supports that,)
>
>
> The major difference is that email was designed
> personal correspondence, and evolved along
> those one to one lines.
Sure.
> HTTP is a publishing mechanisim in which you
> usually want people to see it, or restrict
> viewing to a group and is thus centered
> around one to many (or in "web2.0" land
> many to many) communication lines.
Yes, but I really am just talking about a
more secure version of the one to many
scenario where you don't trust the server!
The many, of course, can always be one.
> So I can understand why there isn't a ready made
> solution, using HTTP for secure one to one
> communication on an untrusted server just isn't
> something that's done, and secure one to many is
> done by owning and securing the server.
Ignore the "one to one" aspect and I think
that you may still be right. But trusting
the server still leads to a less secure
method of 'one to many' and my suggested
"HTML features" would be helpful there too!
> This isn't to reflect on you're
> application except to say it's
> uncommon.
Maybe not so uncommon, just that most
people readily accept that the server
should "know all" or they give up.
I think that there are many
opportunities which are lost because
some people will not outsource their
hosting because they will not accept that
"the server should know all" and because
they do not have the resources to host
things themselves. The simplest and
most obvious one is encrypted webmail
using regular webmail sites.
A solution to this problem could open up
many new doors, and many of those doors
I suspect would be very welcomed/needed
in tor land, not just for my application,
-Martin
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping