[Cryptography] Encrypting web pages ?
Christian Huitema
huitema at huitema.net
Sun Jun 6 14:50:09 EDT 2021
On 6/6/2021 12:21 AM, Robin Wood wrote:
> On Sun, 6 Jun 2021, 08:05 Henry Baker,<hbaker1 at pipeline.com> wrote:
>
>> Since most web pages are hosted at server farms, it would
>> make sense to have them encrypted*at rest*.
>>
> Most sites are dynamic so you may be able to encrypt the static bits like
> JavaScript libraries and HTML templates but the useful content is pulled
> from the database and so would be created on the fly. That would mean you
> would have to encrypt it on the fly as well and at that point, aren't you
> just as well using HTTPS?
Also, the static content is going to be delivered to a great number of
clients. If it is "encrypted at rest", all these clients will at some
point decrypt it. Thus, the decryption key is going to be known by this
very large number of clients. If the decryption key is well known, what
is the value of this static encryption?
-- Christian Huitema
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210606/186b4309/attachment.htm>
More information about the cryptography
mailing list