1996-07-03 - Re:secure WWW on UNsecure servers

Header Data

From: Black Unicorn <unicorn@schloss.li>
To: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Message Hash: 88e0e9ab4ad1d998490b9c05e867c68f30f1d88d1c87173d36d5afae4898e410
Message ID: <Pine.SUN.3.94.960702212641.2420B-100000@polaris>
Reply To: <v03007405adfa3dc7588f@[18.157.1.107]>
UTC Datetime: 1996-07-03 05:28:49 UTC
Raw Date: Wed, 3 Jul 1996 13:28:49 +0800

Raw message

From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 3 Jul 1996 13:28:49 +0800
To: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Subject: Re:secure WWW on UNsecure servers
In-Reply-To: <v03007405adfa3dc7588f@[18.157.1.107]>
Message-ID: <Pine.SUN.3.94.960702212641.2420B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 28 Jun 1996, Joseph Sokol-Margolis wrote:

> > How might one arrange for these encrypted web pages residing on an
> > (unsecure) server to get decrypted only at the client's machine?


Given the cost of high bandwidth connections and the practical necessity
of surrendering control of the actual machine on which the server resides
to have a decent connection at all, it seems to me that this possibility
should be very seriously considered.

It will allow virtual anonyminity of browsing and (with cooperative ISPs)
allow anonymous maintaince of a page itself.

The other alternative (maintaining control of the server and machine
itself) requires substantially more work to foil traffic analysis and
jurisdictional savvy employment to achieve the same effect.

As usual, the mathamatic defense vastly exceeds the utility of the
physical defense.

To what extent will it be possible, e.g., to run a financial services web
page from a server and still keep the server staff from knowing what the
page is?

It provides the ISP providing the server with liability protection, and
presents many more anonymous possibilities.

This, clearly, must be the best answer to turning web pages and WWW
transactions into the kind of personal and private exchanges that PGP
affords e-mail today.






Thread