[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Search engines and https




On Wed, 19 Nov 1997, Adam Back wrote:
> 
> One thing you could do is to have your server use http (no s) iff the
> connection comes from a known search engine.  Reasonably easy to do --
> set up an http server, and block all sites, and put in allow
> directives for the search engines.

Then the search engine would list the wrong URL. The idea is to get
people to use crypto. In  fact, as soon as I find the time, cypherpunks.to
will reject weak crypto browsers and provide those unfortunate enough to
use such a browser with pointers to upgrade options.

 > It's not as if you're insisting on client certs for the HTTPS
server.

Actually, there are pages on the server that do require client certs.
Of course these pages need not be listed  in any search engine. But now
that you mention it, it might be fun to set up an automated enrollment
page and require client certs for everything.

-- Lucky Green <[email protected]> PGP v5 encrypted email preferred.
   "Tonga? Where the hell is Tonga? They have Cypherpunks there?"