1996-07-04 - Re: What remains to be done.

Header Data

From: Gary Howland <gary@systemics.com>
To: Black Unicorn <unicorn@schloss.li>
Message Hash: 37564df815e14ceece4ba228fc203216ccb84c0d5f7d8219cbf6d2dbaa8fab53
Message ID: <31DBB50A.5656AEC7@systemics.com>
Reply To: <Pine.SUN.3.94.960703055812.13232A-100000@polaris>
UTC Datetime: 1996-07-04 15:14:37 UTC
Raw Date: Thu, 4 Jul 1996 23:14:37 +0800

Raw message

From: Gary Howland <gary@systemics.com>
Date: Thu, 4 Jul 1996 23:14:37 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What remains to be done.
In-Reply-To: <Pine.SUN.3.94.960703055812.13232A-100000@polaris>
Message-ID: <31DBB50A.5656AEC7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> 
> A.  Methods to run secure websites on insecure servers.
> 
> A thread on 'punks last month, I am of the view that local decryption of
> web pages is essential to the development of coercion free web pages.
> Estlablishing a truely secure web page today requires the server to be
> extra-terratorial, in a secure physical location, and requires such
> lengths to defeat traffic analysis (which lengths must be applied to the
> actual network logistics, rather than the software logistics) so as to be
> impractical to all but institutional resources.  The best effort I have
> seen is in European Union Bank (www.eub.com) or (www.eub.net) [neither of
> which I recommend you use for deposits] and it still falls quite short.
> 
> A software solution which permits local decryption makes traffic analysis
> less useful, presents the opportunity to use front end and disposable www
> pages on domestic ISPs while imposing no liability on the ISP itself, and
> opens several more effective traffic analysis deterants.
> 
> Ideally, both web proxies (for servers as well as clients) and local
> decryption will be written allowing both server and user a degree of
> double blind operation as well as easy disposability of front ends.
> 
> A Netscape plugin for local decryption of web pages and proxy forwarding
> of WWW form submissions to the server is a MUST.

I fully agree with all of your comments, but, encrypted proxying issues
aside, what is wrong with SSL?  Is it because the encryption is for
the whole server, not individual users?

> Is anyone considering work on these?

I gave the encrypted proxy idea some thought, and intend to do
it one day.  If someone is willing to run it, then I will certainly
do it.  Offers?

With regard to the local decryption idea, then I don't see this as
much of a problem.  How much interest is there in this?  We already
have something similar running, but it would still need a bit of work
to make more general.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06





Thread