Hi Tahoe folks! I've been thinking about two issues related to Tahoe+Web:
By putting the read-cap after the URL fragment, e.g. http://example.com/path/to/file#cap one can guarantee that the cap is never sent over the network when the link is clicked. Combined with in-browser JavaScript crypto code, one doesn't even need a trusted gateway; a stupid WebDAV server will do as ciphertext storage. One step further would be for the actual payload to be a HTML file that contains the encrypted data (e.g. inside a Base64-encoded CDATA section in some HTML element with a standardized "id" attribute.) The HTML could contain include JavaScript code that gets the read-cap from the URL, and decrypts the content for display. What do you think? Manuel _______________________________________________ tahoe-dev mailing list [email protected] http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
