Encrypted Web Pages?

Martin Fick mogulguy at yahoo.com
Mon Dec 17 16:41:52 UTC 2007 

--- Michael Holstein <michael.holstein at csuohio.edu>
wrote:
> 
> > I have what may perhaps seem like a strange
> > question. Is there any commonly used software for 
> > encrypting and decrypting web pages?  
> >   
> 
> > Let me explain that a little better:  
> > imagine a web
> > site which has content destined for specific
> > individuals.  For each individual there is
> > separate content on separate pages, and no 
> > one but the individual for whom the content 
> > is destined should be able to read the 
> > content, not even the creator of the content!
> >
> > In other words, is there a private/public key
> > mechanism similar to PGP (or even a PGP web page
> > plugin) that will work transparently while
> > browsing the web?  The transparently part would 
> > mean that a user can provide a private key to a 
> > browser and any
> > pages encrypted with the user's public key would
> > automatically be decrypted for him when he views
> > them.

...
<cut all SSL suggestions which did not seem to
be applicable to the hostile server scenarrio>
...

> If you had a scenario where you needed to deploy a
> webserver in "hostile territory" and needed to 
> ensure the security of the data thereon, 

Yes, that is the scenario I am trying to deal 
with.  When it comes to anonymity/secure 
communications I would assume all hosting 
services could be hostile.

> you 
> could conceivably gzip and GPG each .html page and
> associated items with multiple public keys based on 
> some other criteria (like what cert the 
> browser provided) and then let the end-user decrypt
> it with their private .. but this definitely won't 
> be "automatic" 

Yes the fallback is a manual process, I 
was looking for an automated way, say by 
using SSL in some weird way where the SSL 
was preencrypted on the server and 
without a client key negotitation since 
the client already has the key to decrypt 
it?  But I can't figure that one out, 
plus it would seem to require a different 
web server (different key) for each user!

> .. but you could wrap it in Java to make 
> it somewhat portable if you wanted. 

For portability?  Java is the least portable 
language I have ever programmed in! ;)

Despite my bias, an embedded java app 
would not work since it would be 
controlled (provided) by the hostile 
server right?

-Martin



      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

More information about the tor-talk mailing list