[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:secure WWW on UNsecure servers





On Fri, 28 Jun 1996, Joseph Sokol-Margolis wrote:

> > How might one arrange for these encrypted web pages residing on an
> > (unsecure) server to get decrypted only at the client's machine?


Given the cost of high bandwidth connections and the practical necessity
of surrendering control of the actual machine on which the server resides
to have a decent connection at all, it seems to me that this possibility
should be very seriously considered.

It will allow virtual anonyminity of browsing and (with cooperative ISPs)
allow anonymous maintaince of a page itself.

The other alternative (maintaining control of the server and machine
itself) requires substantially more work to foil traffic analysis and
jurisdictional savvy employment to achieve the same effect.

As usual, the mathamatic defense vastly exceeds the utility of the
physical defense.

To what extent will it be possible, e.g., to run a financial services web
page from a server and still keep the server staff from knowing what the
page is?

It provides the ISP providing the server with liability protection, and
presents many more anonymous possibilities.

This, clearly, must be the best answer to turning web pages and WWW
transactions into the kind of personal and private exchanges that PGP
affords e-mail today.