[Cryptography] Encrypting web pages ?
Phillip Hallam-Baker
phill at hallambaker.com
Sun Jun 6 19:10:43 EDT 2021
On Sun, Jun 6, 2021 at 3:05 AM Henry Baker <hbaker1 at pipeline.com> wrote:
> Since most web pages are hosted at server farms, it would
> make sense to have them encrypted *at rest*.
>
> ...
> Or perhaps someone has already done this?
>
Now that you mention it...
Mathematical Mesh 3.0 Part III : Data At Rest Encryption (DARE) (ietf.org)
<https://www.ietf.org/archive/id/draft-hallambaker-mesh-dare-11.html>
OK so I will be back coding after a week off to celebrate the Mesh passing
all its 450 unit tests. I am now working on the shell wrapper for the
standalone host. Should have a demo service people can use for testing.
(And yes, I mean testing, do not be so silly as to encrypt anything you
care about under alpha release code).
DARE is designed to support all the requirements I believe necessary to
make Data at Rest Encryption viable for social media applications.
The first requirement is to be able to add users to the group of authorized
readers easily and control access once they are added. Threshold
cryptography is used for this. So the content is encrypted under public key
G=g.P and the private key g=xn+yn where xn is the user's private key share
for the group and yn is the private key held by the service. Both the key
service and user must cooperate for the user to decrypt.
The second requirement is to be able to efficiently encrypt and decrypt
sequences of data. So consider the case in which we have a blog with
comments on it. The comments are readable by anyone who is authorized to
read the group. But the host cannot read the comments. This requires a
capability I call incremental encryption. A single key exchange performed
when the comment thread is started can be used to encrypt all the
subsequent entries in the sequence. This makes end-to-end encryption
tractable computationally.
PHB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210606/6591dbe9/attachment.htm>
More information about the cryptography
mailing list