[Cryptography] Encrypting web pages ?
Jon Callas
jon at callas.org
Sun Jun 6 04:08:10 EDT 2021
> On Jun 4, 2021, at 16:53, Henry Baker <hbaker1 at pipeline.com> wrote:
>
> Since most web pages are hosted at server farms, it would
> make sense to have them encrypted *at rest*.
>
[...]
> Are there any standards for how any of this could
> work?
>
>
> Or perhaps someone has already done this?
In the early days of web standards, there was an HTTP/S that encrypted the web pages and sent them over the net, as opposed to having a transport. It has obvious issues, like that you do a lot of traffic analysis, as everyone who reads the page gets the same bits, even if an eavesdropper doesn't know what they are.
As you mention, mixing this with TLS is just fine. It fixes the obvious traffic analysis. An issue with this sort of thing is when the web page is genuinely the output of a program, but you just pipe that through something. If the address of the content is a hash, though, it won't work.
Your WebAssembly suggestion is interesting, it's just sending code+data instead of just data. I remember in early Java days sending codecs along with data was something people threw around as ideas.
Jon
More information about the cryptography
mailing list