1997-11-19 - Re: Search engines and https

Header Data

From: Lucky Green <shamrock@cypherpunks.to>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: 44977f7c1fbe964aa384f3cc0729363d20bf4b6fdf60d8888301ba5c5f1269c9
Message ID: <Pine.BSF.3.96.971120140025.11686D-100000@pakastelohi.cypherpunks.to>
Reply To: <199711190932.JAA00731@server.test.net>
UTC Datetime: 1997-11-19 13:25:14 UTC
Raw Date: Wed, 19 Nov 1997 21:25:14 +0800

Raw message

From: Lucky Green <shamrock@cypherpunks.to>
Date: Wed, 19 Nov 1997 21:25:14 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Search engines and https
In-Reply-To: <199711190932.JAA00731@server.test.net>
Message-ID: <Pine.BSF.3.96.971120140025.11686D-100000@pakastelohi.cypherpunks.to>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 19 Nov 1997, Adam Back wrote:
> 
> One thing you could do is to have your server use http (no s) iff the
> connection comes from a known search engine.  Reasonably easy to do --
> set up an http server, and block all sites, and put in allow
> directives for the search engines.

Then the search engine would list the wrong URL. The idea is to get
people to use crypto. In  fact, as soon as I find the time, cypherpunks.to
will reject weak crypto browsers and provide those unfortunate enough to
use such a browser with pointers to upgrade options.

 > It's not as if you're insisting on client certs for the HTTPS
server.

Actually, there are pages on the server that do require client certs.
Of course these pages need not be listed  in any search engine. But now
that you mention it, it might be fun to set up an automated enrollment
page and require client certs for everything.

-- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred.
   "Tonga? Where the hell is Tonga? They have Cypherpunks there?"






Thread