From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 29 Aug 1996 16:19:07 +0800
To: cypherpunks@toad.com
Subject: Annoucing LivePGP - content security for web (fwd)
Message-ID: <Pine.SUN.3.94.960829012524.10577B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li

---------- Forwarded message ----------
> From ssl-lists-owner@minbne.mincom.oz.au Thu Aug 29 01:00:59 1996
> Message-Id: <01BB9594.5E8FC740@minuet>
> From: Ming-Ching Tiew <mctiew@csi.po.my>
> Subject: Annoucing LivePGP - content security for web
> Date: Thu, 29 Aug 1996 10:25:07 +-800
> Encoding: 54 TEXT
> Sender: ssl-lists-owner@mincom.com
> Precedence: bulk
> 
> Inspired by Adam Cain's write-up ( and others ) on comparison on the using of PGP, 
> SSL/HTTPS, SHTTP and others on Web technologies, I have written a LivePGP 
> plugin for Navigator 3.x and is available for evaluation for anybody who cares to 
> send me a email ( as I don't have  a leased line connection to internet ).
> 
> See below for a summary.
> 
> Thank you, 
> Regards,
> Ming-Ching
> mctiew@csi.po.my
> 
> ------------------------------------------------------------------------------------------------------
> As a summary, this is a plugin for Navigator 3.x which I developed it
> myself, and which I called it LivePGP because it uses LiveConnect and
> PGP.
> 
> LivePGP is a plugin to be loaded on Navigator machine; it secures the
> content before transmittion to the network. Therefore, it doesn't matter
> what network or what's or ever.
> 
> With absolutely no intention to compete with SSL and SHTTP, LivePGP 
> attempts to address some issues with existing security products :-
> 
> 1. 1024-bit key length of PGP in comparison with 40-bit for SSL ( due to 
>     international export limitation ). PGP is a well-known product which   
>     has survived years to testing.
> 
> 2. Extended security vs point-to-point security provided by SSL. Content 
>     coming out of SSL client and server are plain text, which may
>     be subjected to system administrator's tempering with the data. Using 
>     LivePGP, the decryption of data can be relayed as late as (operationally) possible. 
> 
>     More important practical reason is that the signed content can be logged
>     on the client and server; it is very useful to addresss non-repudiation.
>     The client cannot argue that he didnot submit the transaction, because
>     the content which contains the client's signature can be logged and printed out.
>   
>     Similary, system administrator's tempering the data could be checked against
>     with.
> 
> 3. Even thought the plugin is developed using C/C++ and Java,
>    deployment for any scenerio need only standard HTML/Javascript. 
> 
> 4. Client is Win95/NT. Server can be anything. Win3.11 is unknown.
> 
> 5. Every part introduced by me is source code available.
> 
> 6. Can use it together with SSL to make use of the high transparency
>     of SSL.
> 
> 7. Can use it to upload ( signed and encrypted ) local files, in addition
>     to uploading ( signed and encrypted ) web content.