[Cryptography] Encrypting web pages ?

Henry Baker hbaker1 at pipeline.com
Fri Jun 4 19:53:39 EDT 2021


Since most web pages are hosted at server farms, it would
make sense to have them encrypted *at rest*.

But even more importantly, it would make sense to never
let the server farm even 'see' the plaintext web pages.
This means that the only job of the hosting farm is to 
reliably serve up *bits* to a requester.*

Presumably, the encryption key is stored only in the
user's *browser* -- perhaps as an encrypted cookie --
so the user's browser calls up an encrypted web page
from the server, and decrypts it on-the-fly to show
it to the user.

(I'm not trying to avoid https; there are other
valid reasons for using https in addition, including
authentication.)

Let's ignore the problem of how the user gets the
decryption key and focus only on how the browser
and the web page server work.

Are there any standards for how any of this could
work?

Here's my suggestion for a stop-gap bandaid:
WebAssembly.

I believe that there are now WebAssembly libraries
for encryption/decryption/hashing, so it should be
possible to achieve something like this with
JavaScript and WebAssembly.

Or perhaps someone has already done this?

* If this sounds like IPFS, then yeah, that would
probably work.
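
An added example, not part of the original post: a sketch of the flow described above, in which the host stores only an opaque blob and the browser decrypts it with a key it already holds. It uses the browser's built-in Web Crypto API (AES-256-GCM) rather than a WebAssembly library; the function names, paths and the in-memory "host" are hypothetical, and key distribution is set aside as in the post.

```javascript
// Added example: AES-256-GCM via Web Crypto (browsers and Node.js).
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Publisher side: generate the page key. It is never given to the host.
async function newPageKey() {
  return wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
}

// Publisher side: build the blob the host stores: 12-byte nonce || ciphertext+tag.
// The URL path is bound as associated data, so a host that serves one
// encrypted page in place of another is detected at decryption time.
async function sealPage(key, path, html) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(path) }, key, enc.encode(html));
  const blob = new Uint8Array(iv.length + ct.byteLength);
  blob.set(iv, 0);
  blob.set(new Uint8Array(ct), iv.length);
  return blob;
}

// Browser side: decrypt a fetched blob; null means it was modified or swapped.
async function openPage(key, path, blob) {
  if (blob.length < 12 + 16) return null; // too short for nonce + tag
  try {
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: blob.slice(0, 12), additionalData: enc.encode(path) },
      key, blob.slice(12));
    return dec.decode(pt);
  } catch {
    return null; // authentication failed
  }
}

// Constructed demo: the "host" is a Map that only ever holds ciphertext.
async function demo() {
  const key = await newPageKey();
  const host = new Map();
  host.set('/index.html', await sealPage(key, '/index.html', '<h1>home</h1>'));
  host.set('/private.html', await sealPage(key, '/private.html', '<h1>private</h1>'));
  const ok = await openPage(key, '/index.html', host.get('/index.html'));
  const swapped = await openPage(key, '/index.html', host.get('/private.html'));
  const flipped = host.get('/index.html').slice();
  flipped[flipped.length - 1] ^= 1; // simulate the host altering one bit
  const tampered = await openPage(key, '/index.html', flipped);
  return { ok, swapped, tampered };
}
```

The script that calls `openPage` has to reach the browser by a path the host cannot modify; if the same host serves the decryption code, it can serve code that exports the key.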


