From: Black Unicorn <unicorn@schloss.li>
A. Methods to run secure websites on insecure servers. [...] A software solution which permits local decryption makes traffic analysis less useful, presents the opportunity to use front end and disposable www pages on domestic ISPs while imposing no liability on the ISP itself, and opens several more effective traffic analysis deterants.
I don't quite understand what is being proposed here. If the information on the web site is encrypted, who is supposed to be able to decrypt it? Just one person, or some select group of people? My concern is the difficulty of keeping keys secret if they are made available to more than one or two people. Once the keys are known to those who would oppose the publication of the information they can go to the ISP just as easily as if the information were not encrypted, and get them to take it down if it is illegal. It would seem that an equally effective method would be to use no encryption, but just a secret URL, one which is not linked to from elsewhere - an "island in the net", so to speak (apologies to Bruce Sterling). Hal