From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 30 Jun 1996 13:12:30 +0800
To: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Subject: Re: secure WWW on UNsecure servers
In-Reply-To: <v03007405adfa3dc7588f@[18.157.1.107]>
Message-ID: <199606292310.TAA12274@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Joseph Sokol-Margolis writes:
> > How might one arrange for these encrypted web pages residing on an
> > (unsecure) server to get decrypted only at the client's machine?
> > This should work as transparently as possible for the user;
> > except possibly for a userid/password query it should look like a
> > normal web browsing session.  For now, we can assume that the
> > decrypted web pages contain only HTML and images in .gif format.
> 
> It seems like it could be done by writing a plug-in that passed the
> encrypted page to pgp (or had it internally) and used that to decrypt it.
> The plug-in could store  the pass-phrase locally and clear when the user
> disconnected.

The "Right Way" to do what was asked is to use S/HTTP. However,
Netscape, in their wisdom, has not implemented it.

Perry