Encrypted Web Pages?

[Michael Holstein]

> Despite my bias, an embedded java app 
> would not work since it would be 
> controlled (provided) by the hostile 
> server right?
>   

You could sign the applet with a key provided to your clients, since 
you're using a distribution model where you have known end-users (as you 
need their keys to encrypt the data).

My thought on Java was to be able to automate the key scheme within the 
browser, versus requiring them download a .gz.gpg file and decrypt it on 
their own. A (sort-of) working example of this is how HushMail does it 
(using Java to code the PGP stuff).

It's an interesting threat model though :)

~Mike.