Re: Encrypted Web Pages?

2007-12-18 Thread Vlad SATtva Miller
Martin Fick wrote on 18.12.2007 01:05: --- Vlad "SATtva" Miller [EMAIL PROTECTED] wrote: Have you looked at FireGPG Firefox extension? http://firegpg.tuxfamily.org/ --- Alexander W. Janssen [EMAIL PROTECTED] wrote: Why not simply use the Firegpg-extension for Firefox? I had not

Re: Encrypted Web Pages?

2007-12-18 Thread Martin Fick
--- Vlad "SATtva" Miller [EMAIL PROTECTED] wrote: Martin Fick wrote on 18.12.2007 01:05: --- Vlad "SATtva" Miller [EMAIL PROTECTED] wrote: What if all of a sudden he becomes aware of one of the recipient key's compromise? Now the sender needs to decrypt the whole site and re-encrypt it to another

Re: Encrypted Web Pages?

2007-12-17 Thread Jonathan D. Proulx
On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote: :Considering the amount of bugs and weaknesses found regularly (and not :found) in common browser software (open source or not), it's not a :well-advised practice to trust a browser handling of sensitive private keys. While I

Re: Encrypted Web Pages?

2007-12-17 Thread Michael Holstein
I have what may perhaps seem like a strange question. Is there any commonly used software for encrypting and decrypting web pages? Yes, SSL .. and it's been around for quite a while. Let me explain that a little better: imagine a web site which has content destined for specific

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
--- Michael Holstein [EMAIL PROTECTED] wrote: I have what may perhaps seem like a strange question. Is there any commonly used software for encrypting and decrypting web pages? Let me explain that a little better: imagine a web site which has content destined for specific

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
--- Jonathan D. Proulx [EMAIL PROTECTED] wrote: On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote: ... What about just HTTPS with user certificates? you get both proof of identity and a means of encrypting data to that identity, yes? Is there a mechanism to use HTTPS to

Re: Encrypted Web Pages?

2007-12-17 Thread Michael Holstein
Despite my bias, an embedded java app would not work since it would be controlled (provided) by the hostile server right? You could sign the applet with a key provided to your clients, since you're using a distribution model where you have known end-users (as you need their keys to

Re: Encrypted Web Pages?

2007-12-17 Thread Michael Holstein
Is there a mechanism to use HTTPS to preencrypt web pages so that they are encrypted on the server (and so the server does not have the keys to decrypt them!) Not using HTTPS per-se, but you can use SSL to encrypt files. My initial constraints are that once the data is put on the

Re: Encrypted Web Pages?

2007-12-17 Thread Jonathan D. Proulx
On Mon, Dec 17, 2007 at 08:52:30AM -0800, Martin Fick wrote: : I may be missing something about the : implications of HTTPS, but you could : certainly key pgp public keys to x.509 : identities if you wanted to keep static : data gpg encrypted on the server. : :I'm not sure that I understand

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
--- Michael Holstein [EMAIL PROTECTED] wrote: Despite my bias, an embedded java app would not work since it would be controlled (provided) by the hostile server right? You could sign the applet with a key provided to your clients, since you're using a distribution model where

Re: Encrypted Web Pages?

2007-12-17 Thread Jonathan D. Proulx
On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin Fick wrote: : It's an interesting threat model though :) : :Yes, but it really is a fairly simple one. :I am surprised that HTML does not seem :to have some extension to deal with this :already. It is not much different from :encrypted email

Re: Encrypted Web Pages?

2007-12-17 Thread Alexander W. Janssen
Martin Fick wrote: Yes, but it really is a fairly simple one. I am surprised that HTML does not seem to have some extension to deal with this already. It is not much different from encrypted email concepts, just that the browser needs the

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
It is now clear to me that I have been unclear about the requirements. Let me try to be more explicit. 1) I am looking for a point2point, sender 2 receiver, secure encrypted web page mechanism. 2) Senders are untrusted to recipients. 3) Web server is untrusted to recipients. 4) Senders

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
--- Michael Holstein [EMAIL PROTECTED] wrote: Is there a mechanism to use HTTPS to preencrypt web pages so that they are encrypted on the server (and so the server does not have the keys to decrypt them!) Not using HTTPS per-se, but you can use SSL to encrypt files. Agreed.

Re: Encrypted Web Pages?

2007-12-17 Thread Vlad SATtva Miller
Michael Holstein wrote on 17.12.2007 23:01: I'm not a mathematician, but it can't be wise to store multiple copies of the same plaintext encrypted by the same cipher using different keys .. much crypto has historically been broken that way. As a side note: In the context of OpenPGP you have to

Re: Encrypted Web Pages?

2007-12-17 Thread Vlad SATtva Miller
Martin Fick wrote on 17.12.2007 23:25: I am surprised that HTML does not seem to have some extension to deal with this already. It is not much different from encrypted email concepts, just that the browser needs the ability to do the decrypting instead of your mail program. The

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
--- Vlad "SATtva" Miller [EMAIL PROTECTED] wrote: Have you looked at FireGPG Firefox extension? http://firegpg.tuxfamily.org/ --- Alexander W. Janssen [EMAIL PROTECTED] wrote: Why not simply use the Firegpg-extension for Firefox? I had not seen this, thank you, this would certainly be a

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
--- Jonathan D. Proulx [EMAIL PROTECTED] wrote: On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin Fick wrote: : It's an interesting threat model though :) : :Yes, but it really is a fairly simple one. :I am surprised that HTML does not seem :to have some extension to deal with this

Re: Encrypted Web Pages?

2007-12-17 Thread Martin Fick
--- Martin Fick [EMAIL PROTECTED] wrote: --- Michael Holstein [EMAIL PROTECTED] wrote: My thought on Java was to be able to automate the key scheme within the browser, versus requiring them to download a .gz.gpg file and decrypt it on their own. A (sort-of) working example of

Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox
The threat model we're talking about is hostile-server, in addition to our old friend man-in-the-middle, right? (Just trying to get my brain straight...) -- F. Fox: A+, Network+, Security+ Owner of Tor node kitsune

Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox
Martin Fick wrote: (snipped a litany of requirements, all of which talk about one-to-one communications) To me, it seems that it'd be better to try to modify something SMTP/POP-like for this, than to modify HTTP for it. It sounds just like what

Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox
Martin Fick wrote: (snip) Well, I think that is exactly what you will get if you use pgp or gpg to send an encrypted email to multiple recipients. (snip) IIRC, a GPG message is encrypted only once - even if there's multiple recipients. It

Re: Encrypted Web Pages?

2007-12-15 Thread Vlad SATtva Miller
Martin Fick wrote on 15.12.2007 11:08: Hi, I have what may perhaps seem like a strange question. Is there any commonly used software for encrypting and decrypting web pages? Let me explain that a little better: imagine a web site which has content destined for specific individuals.

Encrypted Web Pages?

2007-12-14 Thread Martin Fick
Hi, I have what may perhaps seem like a strange question. Is there any commonly used software for encrypting and decrypting web pages? Let me explain that a little better: imagine a web site which has content destined for specific individuals. For each individual there is separate content