From: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Date: Sat, 29 Jun 1996 13:03:50 +0800
To: cypherpunks@toad.com
Subject: Re:secure WWW on UNsecure servers
In-Reply-To: <199606280438.VAA05479@infinity.c2.org>
Message-ID: <v03007405adfa3dc7588f@[18.157.1.107]>
MIME-Version: 1.0
Content-Type: text/plain


> How might one arrange for these encrypted web pages residing on an
> (unsecure) server to get decrypted only at the client's machine?
> This should work as transparently as possible for the user;
> except possibly for a userid/password query it should look like a
> normal web browsing session.  For now, we can assume that the
> decrypted web pages contain only HTML and images in .gif format.

It seems like it could be done by writing a plug-in that passed the
encrypted page to pgp (or had it internally) and used that to decrypt it.
The plug-in could store  the pass-phrase locally and clear when the user
disconnected.

It *might* also be possible to do this with java. I don't know enough java
to say for sure, but couldn't you build an interface that took the
encrypted data passed it though whatever and then displayed it on the local
screen. The applet could produce a viewer with a 'sigoff' button telling
the applet to forget the pass-phrase. Comments?


Joseph Sokol-Margolis
joseph@genome.wi.mit.edu
Systems Administrator