From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 20 Nov 1997 01:05:16 +0800
To: shamrock@cypherpunks.to
Subject: Re: Search engines and https
In-Reply-To: <Pine.BSF.3.96.971120140025.11686D-100000@pakastelohi.cypherpunks.to>
Message-ID: <199711191459.OAA02975@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Lucky Green <shamrock@cypherpunks.to> writes:
> On Wed, 19 Nov 1997, Adam Back wrote:
> > 
> > One thing you could do is to have your server use http (no s) iff the
> > connection comes from a known search engine.  Reasonably easy to do --
> > set up an http server, and block all sites, and put in allow
> > directives for the search engines.
> 
> Then the search engine would list the wrong URL. 

Yes; so make the failure page from your http server say: connect to
https://www.cypherpunks.to.

More elegant, but a bit more difficult, would be to do the right
thing.

That is: 

1. connection on https port & coming from *.altavista.com allow.
2. connection on https port & coming from somewhere else insist on SSL

(Would this work?  Wander if their spider will talk to https port with
http?)

> The idea is to get people to use crypto. In fact, as soon as I find
> the time, cypherpunks.to will reject weak crypto browsers and
> provide those unfortunate enough to use such a browser with pointers
> to upgrade options.

Kewl.  Anyone know where those patches to convert for netscape 40 bit
crippleware to 128 bit crypto are?

Save download time -- a version 4 browser is quite large to download.

Adam