From: Hal <hfinney@shell.portal.com>
Date: Fri, 5 Jul 1996 08:24:03 +0800
To: unicorn@schloss.li
Subject: Re:  What remains to be done.
Message-ID: <199607042102.OAA26752@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Black Unicorn <unicorn@schloss.li>
> A.  Methods to run secure websites on insecure servers.
> [...]
> A software solution which permits local decryption makes traffic analysis
> less useful, presents the opportunity to use front end and disposable www
> pages on domestic ISPs while imposing no liability on the ISP itself, and
> opens several more effective traffic analysis deterants.

I don't quite understand what is being proposed here.  If the
information on the web site is encrypted, who is supposed to be able to
decrypt it?  Just one person, or some select group of people?  My
concern is the difficulty of keeping keys secret if they are made
available to more than one or two people.

Once the keys are known to those who would oppose the publication of
the information they can go to the ISP just as easily as if the
information were not encrypted, and get them to take it down if it is
illegal.

It would seem that an equally effective method would be to use no
encryption, but just a secret URL, one which is not linked to from
elsewhere - an "island in the net", so to speak (apologies to Bruce
Sterling).

Hal