[Cryptography] Encrypting web pages ?

Jerry Leichter leichter at lrw.com
Mon Jun 7 11:55:22 EDT 2021


> Since most web pages are hosted at server farms, it would
> make sense to have them encrypted *at rest*.
The static data that goes into pages served are just files.  The techniques already available to encrypt files work just fine for them.

> But even more importantly, it would make sense to never
> let the server farm even 'see' the plaintext web pages.
> This means that the only job of the hosting farm is to 
> reliably serve up *bits* to a requester....
This is a tiny special case of the problem of keeping data and computation done on a machine owned by someone else secure - secret, unmodifiable - even from the owner of that machine.  The web page case seems much less important than many other cases - there's *tons* of sensitive data stored and processed on cloud hardware which will never appear in any web page.  Protecting it is an area of active development, and there are some quite impressive solutions out there.  One quick example I found is Google's:

https://cloud.google.com/security/shielded-cloud/shielded-vm

This one isn't quite what you are looking for, but it links to other development efforts.  Microsoft has a number of published papers going in the same direction; I think some of the work is already available as a commercial offering on Azure.  (The term "sealed VM" sticks in my mind but I wasn't able to quickly find any references to that.)  I'm sure AWS has done similar work though I haven't come across any papers.

If all you want to do is serve pre-encrypted files - or static pages, which come down to exactly the same thing - to Web clients, you can do that today.  No, there's no standard way to get the files decrypted, but frankly it's not clear to me that anyone really cares about that enough to write a standard.  This is a special case (static content only) of a special case (web services) of a more general problem ("safe" storage, computation, and data interchange on shared infrastructure).
                                                        -- Jerry
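
An added example, not part of the original message: serving pre-encrypted static pages so that the host stores only opaque bytes and cannot change them undetected. The blob layout, the function names `sealPage` and `openPage`, the choice of AES-256-GCM and the out-of-band key distribution are assumptions made for this sketch, since the message notes there is no standard for any of them.

```javascript
// Added example: the publisher encrypts a page before upload; the host sees ciphertext only.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Publisher side. Blob layout (constructed for this example, not a standard):
// 12-byte nonce || 16-byte GCM tag || ciphertext.
function sealPage(key, urlPath, html) {
  const nonce = randomBytes(12);                 // fresh nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(urlPath, 'utf8'));   // bind the blob to the path it is served at
  const ct = Buffer.concat([cipher.update(html, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Client side. Returns the HTML, or null if the blob was modified, truncated,
// encrypted under another key, or served under a different path.
function openPage(key, urlPath, blob) {
  if (blob.length < 28) return null;             // too short to hold nonce and tag
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  decipher.setAAD(Buffer.from(urlPath, 'utf8'));
  try {
    const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null;                                 // authentication failed
  }
}

// Constructed demo: the "host" is a map from path to opaque bytes.
function demo() {
  const key = randomBytes(32);                   // assumed shared with readers out of band
  const host = new Map();
  host.set('/index.html', sealPage(key, '/index.html', '<h1>members only</h1>'));
  host.set('/other.html', sealPage(key, '/other.html', '<h1>other</h1>'));

  const ok = openPage(key, '/index.html', host.get('/index.html'));
  const flipped = Buffer.from(host.get('/index.html'));
  flipped[flipped.length - 1] ^= 1;              // host alters one ciphertext bit
  const tampered = openPage(key, '/index.html', flipped);
  // Host answers a request for /index.html with the blob stored for /other.html.
  const swapped = openPage(key, '/index.html', host.get('/other.html'));
  return { ok, tampered, swapped };
}

console.log(demo());
```

The host can still withhold a page or serve an older valid blob for the same path; the authenticated path only rules out modification and substitution between paths.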
