On Fri, 28 Jun 1996, Joseph Sokol-Margolis wrote:
How might one arrange for these encrypted web pages residing on an (unsecure) server to get decrypted only at the client's machine?
Given the cost of high bandwidth connections and the practical necessity of surrendering control of the actual machine on which the server resides to have a decent connection at all, it seems to me that this possibility should be very seriously considered. It will allow virtual anonyminity of browsing and (with cooperative ISPs) allow anonymous maintaince of a page itself. The other alternative (maintaining control of the server and machine itself) requires substantially more work to foil traffic analysis and jurisdictional savvy employment to achieve the same effect. As usual, the mathamatic defense vastly exceeds the utility of the physical defense. To what extent will it be possible, e.g., to run a financial services web page from a server and still keep the server staff from knowing what the page is? It provides the ISP providing the server with liability protection, and presents many more anonymous possibilities. This, clearly, must be the best answer to turning web pages and WWW transactions into the kind of personal and private exchanges that PGP affords e-mail today.