From: "Kevin Q. Brown" <kqb@c2.org>
Date: Sat, 29 Jun 1996 11:30:43 +0800
To: cypherpunks@toad.com
Subject: secure WWW on UNsecure servers
Message-ID: <199606280438.VAA05479@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


I know several people who want to share private information on
some web pages but do not trust any publicly-accessible web server
not to leak the information on those pages.   The normal IP
address or password-based web page protection mechanisms thus
are not sufficient since they assume that the server is secure
from non-web-based mechanisms for retrieving the pages.  Also,
encryption schemes such as SSL will not solve the problem because
they protect only against interception between the server and
the client, not at the server itself.  Instead, it looks like
the web pages must reside on the server in encrypted form.

How might one arrange for these encrypted web pages residing on an
(unsecure) server to get decrypted only at the client's machine?
This should work as transparently as possible for the user;
except possibly for a userid/password query it should look like a
normal web browsing session.  For now, we can assume that the
decrypted web pages contain only HTML and images in .gif format.

Might this best be done with some combination of special MIME
types and helper applications or plug-ins?  Has someone already
done it?  Thanks.

    Kevin Q. Brown
    kqb@c2.org