What remains to be done.
Hal
hfinney at shell.portal.com
Thu Jul 4 17:24:03 PDT 1996
From: Black Unicorn <unicorn at schloss.li>
> A. Methods to run secure websites on insecure servers.
> [...]
> A software solution which permits local decryption makes traffic analysis
> less useful, presents the opportunity to use front end and disposable www
> pages on domestic ISPs while imposing no liability on the ISP itself, and
> opens several more effective traffic analysis deterants.
I don't quite understand what is being proposed here. If the
information on the web site is encrypted, who is supposed to be able to
decrypt it? Just one person, or some select group of people? My
concern is the difficulty of keeping keys secret if they are made
available to more than one or two people.
Once the keys are known to those who would oppose the publication of
the information they can go to the ISP just as easily as if the
information were not encrypted, and get them to take it down if it is
illegal.
It would seem that an equally effective method would be to use no
encryption, but just a secret URL, one which is not linked to from
elsewhere - an "island in the net", so to speak (apologies to Bruce
Sterling).
Hal
More information about the cypherpunks-legacy
mailing list