Encrypted Web Pages?
Jonathan D. Proulx
jon at csail.mit.edu
Mon Dec 17 15:08:27 UTC 2007
On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote:
:Considering the amount of bugs and weaknesses found regularly (and not
:found) in common browser software (open source or not), it's not a
:well-advised practice to trust a browser handling of sensitive private keys.
While I agree, this isn't the only way to implement such a
system. Teh browser could hand off encrypted content to a external
appliction to hadle the decryption.
What about just HTTPS with user certificates? you get both proof of identity
and a means of encrypting data to that identity, yes? What are you
doing that isn't covered by this?
I may be missing something about the implications of HTTPS, but you
could certainly key pgp public keys to x.509 identities if you wanted
to keep static data gpg encrypted on the server.
-Jon
More information about the tor-talk
mailing list