-- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li ---------- Forwarded message ----------
From ssl-lists-owner@minbne.mincom.oz.au Thu Aug 29 01:00:59 1996 Message-Id: <01BB9594.5E8FC740@minuet> From: Ming-Ching Tiew <mctiew@csi.po.my> Subject: Annoucing LivePGP - content security for web Date: Thu, 29 Aug 1996 10:25:07 +-800 Encoding: 54 TEXT Sender: ssl-lists-owner@mincom.com Precedence: bulk
Inspired by Adam Cain's write-up ( and others ) on comparison on the using of PGP, SSL/HTTPS, SHTTP and others on Web technologies, I have written a LivePGP plugin for Navigator 3.x and is available for evaluation for anybody who cares to send me a email ( as I don't have a leased line connection to internet ).
See below for a summary.
Thank you, Regards, Ming-Ching mctiew@csi.po.my
------------------------------------------------------------------------------------------------------ As a summary, this is a plugin for Navigator 3.x which I developed it myself, and which I called it LivePGP because it uses LiveConnect and PGP.
LivePGP is a plugin to be loaded on Navigator machine; it secures the content before transmittion to the network. Therefore, it doesn't matter what network or what's or ever.
With absolutely no intention to compete with SSL and SHTTP, LivePGP attempts to address some issues with existing security products :-
1. 1024-bit key length of PGP in comparison with 40-bit for SSL ( due to international export limitation ). PGP is a well-known product which has survived years to testing.
2. Extended security vs point-to-point security provided by SSL. Content coming out of SSL client and server are plain text, which may be subjected to system administrator's tempering with the data. Using LivePGP, the decryption of data can be relayed as late as (operationally) possible.
More important practical reason is that the signed content can be logged on the client and server; it is very useful to addresss non-repudiation. The client cannot argue that he didnot submit the transaction, because the content which contains the client's signature can be logged and printed out.
Similary, system administrator's tempering the data could be checked against with.
3. Even thought the plugin is developed using C/C++ and Java, deployment for any scenerio need only standard HTML/Javascript.
4. Client is Win95/NT. Server can be anything. Win3.11 is unknown.
5. Every part introduced by me is source code available.
6. Can use it together with SSL to make use of the high transparency of SSL.
7. Can use it to upload ( signed and encrypted ) local files, in addition to uploading ( signed and encrypted ) web content.