Re: Encrypted Web Pages?
--- "Vlad \"SATtva\" Miller" <[EMAIL PROTECTED]> wrote:

> Martin Fick wrote on 18.12.2007 01:05:
> > --- "Vlad \"SATtva\" Miller" <[EMAIL PROTECTED]> wrote:
>
> What if he suddenly becomes aware of the compromise of one of the
> recipient keys? Now the sender needs to decrypt the whole site and
> re-encrypt it to another set of public keys, excluding the compromised
> one to not let an attacker lay his hands on sensitive data (if it's
> not too late already). Problems arise:

No need to decrypt anything, simply destroying the compromised data is
enough in my case. The only compromised data is the data encrypted with
the compromised key.

...

> If my life was at stake, I wouldn't trust it to that sort of things.

It depends on what puts your life at stake, compromised data or lost
data? If the latter, then certainly such a system is not for you (but
neither are most alternate solutions); if the former, I wouldn't trust
any other type of system!

> And finally there is a gap in the threat model. If we treat the
> webserver as untrusted (or even malicious) then we can't discard a
> trivial option of DoS attack: the server (or hosting provider) may
> simply erase the contents of the website or block access for
> legitimate users.

Not a major concern in my threat model. Lost data is not compromised
data. This can easily be coded around with redundant separate isolated
secret hosting.

-Martin
Re: Encrypted Web Pages?
Martin Fick wrote on 18.12.2007 01:05:
> --- "Vlad \"SATtva\" Miller" <[EMAIL PROTECTED]> wrote:
>
>> Have you looked at FireGPG Firefox extension?
>> http://firegpg.tuxfamily.org/
>
> --- "Alexander W. Janssen" <[EMAIL PROTECTED]> wrote:
>
>> Why not simply use the Firegpg-extension for Firefox?
>
> I had not seen this, thank you, this would certainly be a valid
> fallback use case also.
>
>> Obviously that's only working perfectly with text-files, but you could
>> possibly try to make up your own XPI for Firefox.
>
> Yes, I was hoping for a simple HTMLified solution.
>
> Seems like perhaps instead of implementing this at the browser level,
> this could be implemented at the proxy level. Simply send requests to
> a personal local proxy which can intercept encrypted pages and decrypt
> the ones it has the private keys to! This would be more versatile,
> usable by more browsers, less vulnerable to JS/other dynamic html
> attacks...

This approach pleases me much more. However HTTPS traffic won't please
such a proxy very much unless it can handle it on its own (in a MITMish
way).

> Anyone want to implement it? ;) It could use gpg. Can anybody suggest
> a good simple well written proxy which would be easy to hack to add
> this to?

One of the existing options for consideration is GPGrelay. It's intended
for mail traffic proxying, but I suppose it's not entirely impossible to
modify it for HTTP traffic (not so sure for HTTPS).

But I see another problem with your proposal -- a problem with
encryption logistics, if you wish. Suppose we already have such a magic
wand for transparent client-side decryption of web pages (whatever it
could be). Let's say the sender has published a website encrypted to
some set of public keys (excluding his own key for the before-mentioned
reasons). What if he suddenly becomes aware of the compromise of one of
the recipient keys?

Now the sender needs to decrypt the whole site and re-encrypt it to
another set of public keys, excluding the compromised one to not let an
attacker lay his hands on sensitive data (if it's not too late already).
Problems arise:

1. How could the sender decrypt the website if he doesn't have the
   appropriate private key?
2. How could the data be re-encrypted if not even the sender uploaded
   it (according to some earlier proposal)? He didn't have the
   plaintext in the first place.
3. How time-consuming could the task of re-encrypting a large website
   with a lot of pages be, and how much could go wrong, leaking the
   plaintext data?

If my life was at stake, I wouldn't trust it to that sort of things.

And finally there is a gap in the threat model. If we treat the
webserver as untrusted (or even malicious) then we can't discard a
trivial option of DoS attack: the server (or hosting provider) may
simply erase the contents of the website or block access for
legitimate users.

-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
Re: Encrypted Web Pages?
--- "F. Fox" <[EMAIL PROTECTED]> wrote:
> The threat model we're talking about is hostile-server, in addition to
> our "old friend" man-in-the-middle, right?

Sure,

-Martin
Re: Encrypted Web Pages?
--- "F. Fox" <[EMAIL PROTECTED]> wrote:
> Martin Fick wrote:
> (snipped a litany of requirements, all of which talking about
> one-to-one communications)
>
> To me, it seems that it'd be better to try to modify something
> SMTP/POP-like for this, than to modify HTTP for it. It sounds just
> like what a standalone mail server would be suited to.

Sure, if you focus only on all the points that resemble email, it will
look like email. :) But you completely ignored all the requirement parts
that look like the WWW that were inherent in the use of the words "Web
Pages", HTML, linking, web site organizing, and also particular to my
needs: the ability of the recipient to not have to host the service
himself (so that he can access it anonymously with tor!)

-Martin
Re: Encrypted Web Pages?
Martin Fick wrote:
(snip)
> Well, I think that is exactly what you will get if you use pgp or gpg
> to send an encrypted email to multiple recipients.
(snip)

IIRC, a GPG message is encrypted only once - even if there's multiple
recipients. It goes like this:

1.) A random key is generated.
2.) The message is encrypted with that random key, plugged into a
    symmetric cipher.
3.) That random key is encrypted with the public key of each recipient,
    and appended to the message itself.

So, the recipient would reverse that process: Use their private key to
decrypt the random key, and use that in the appropriate symmetric cipher
to decrypt the message.

-- 
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
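As an added illustration of the three steps F. Fox lays out (example code written for this archive, not code from the thread or from GnuPG), here is the same hybrid construction in Go with only the standard library: the page is sealed once under a random session key with AES-GCM, and only that key is encrypted to each recipient with RSA-OAEP, so the body exists in one copy however many recipients there are. OpenPGP's real packet format and algorithm choices differ; the party names, keys and sample page are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Recipient is one intended reader: a lookup id plus the public key the
// session key gets wrapped to.
type Recipient struct {
	ID  string
	Key *rsa.PublicKey
}

// Envelope is the layout F. Fox describes: one encrypted body, one wrapped key per recipient.
type Envelope struct {
	Nonce       []byte            // AES-GCM nonce for the body
	Body        []byte            // AES-GCM ciphertext of the page
	WrappedKeys map[string][]byte // recipient id -> RSA-OAEP(session key)
}

// NewKey generates a 2048-bit RSA key pair for one party in the demo.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt performs the three steps: draw a random session key, encrypt the
// page once with it, then encrypt that key to each recipient's public key.
func Encrypt(page []byte, recipients ...Recipient) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256 key; only ever stored wrapped
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	env := &Envelope{
		Nonce:       nonce,
		Body:        aead.Seal(nil, nonce, page, nil),
		WrappedKeys: make(map[string][]byte, len(recipients)),
	}
	for _, r := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, r.Key, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys[r.ID] = wrapped
	}
	return env, nil
}

// Decrypt is the recipient's side: unwrap the session key with the private
// key, then open the body. A wrong key or an unknown id fails here.
func Decrypt(env *Envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := env.WrappedKeys[id]
	if !ok {
		return nil, errors.New("no session key wrapped for " + id)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Body, nil)
}

func main() {
	// Constructed sample: a page for Alice and Bob; Eve holds an unrelated key.
	alice, bob, eve := NewKey(), NewKey(), NewKey()
	page := []byte("<html><body>For Alice and Bob only.</body></html>")
	env, err := Encrypt(page, Recipient{"alice", &alice.PublicKey}, Recipient{"bob", &bob.PublicKey})
	if err != nil {
		panic(err)
	}
	plain, _ := Decrypt(env, "bob", bob)
	_, eveErr := Decrypt(env, "alice", eve) // Eve's key against Alice's slot
	fmt.Printf("%d wrapped keys; bob reads %q; eve gets: %v\n", len(env.WrappedKeys), plain, eveErr)
}
```

Note that dropping a compromised recipient's entry from WrappedKeys does nothing for copies already downloaded, which is the re-encryption problem Vlad raises later in the thread.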
Re: Encrypted Web Pages?
Martin Fick wrote:
> --- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
>
>> On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin Fick wrote:
(snip)
>> HTTP is a publishing mechanism in which you usually want people to
>> see it, or restrict viewing to a group and is thus centered around
>> one to many (or in "web2.0" land many to many) communication lines.
>
> Yes, but I really am just talking about a more secure version of the
> one to many scenario where you don't trust the server! The many, of
> course, can always be one.
(snip)

This is a good point. Since crypto is being used to enforce access
rights, read permissions can be wide open, as can be file creation (but
not modify, or delete). Only the intended recipient would be able to
read the message, anyway.

So, maybe an HTTP-based solution would work, after all... it could be as
simple as having a script on the server, which would allow file upload
according to the permissions in the previous paragraph.

-- 
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
Re: Encrypted Web Pages?
Martin Fick wrote:
(snipped a litany of requirements, all of which talking about one-to-one
communications)

To me, it seems that it'd be better to try to modify something
SMTP/POP-like for this, than to modify HTTP for it. It sounds just like
what a standalone mail server would be suited to.

(Of course, if it's not a hidden service, the SMTP server would have to
use a non-default port.)

-- 
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
Re: Encrypted Web Pages?
The threat model we're talking about is hostile-server, in addition to
our "old friend" man-in-the-middle, right?

(Just trying to get my brain straight...)

-- 
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
Re: Encrypted Web Pages?
Michael Holstein wrote:
(snip)
> I'm not a mathematician, but it can't be wise to store multiple copies
> of the same plaintext encrypted by the same cipher using different keys
> .. much crypto has historically been broken that way.
(snip)

Historically, this is very true; also, the greater the amount of such
material available to an attacker, the more likely such an attack would
be successful.

-- 
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
Re: Encrypted Web Pages?
--- Martin Fick <[EMAIL PROTECTED]> wrote:
> --- Michael Holstein <[EMAIL PROTECTED]> wrote:
>
> > My thought on Java was to be able to automate the key scheme within
> > the browser, versus requiring them download a .gz.gpg file and
> > decrypt it on their own. A (sort-of) working example of this is how
> > HushMail does it (using Java to code the PGP stuff).
>
> Forgive me for not understanding, but what prevents HushMail from
> decoding the messages?

Ah, from HushMail themselves:

https://www.hushmail.com/hushmail/showHelpFile.php?file=compatibility/java/index.html

"Attacker controls webserver while you are accessing your email
With Java: Not protected, but evidence of the attack will remain on
your computer
Without Java: Not protected, no evidence of attack on your computer"

Seems pretty untrustworthy to me. There is a hidden messaging/mail
service in torland which should be more trustworthy than HushMail, but,
of course, I don't think that it is integrated with the browser like I
would like.

-Martin
Re: Encrypted Web Pages?
--- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin Fick wrote:
>
> :> It's an interesting threat model though :)
> :
> :Yes, but it really is a fairly simple one. I am surprised that HTML
> :does not seem to have some extension to deal with this already. It
> :is not much different from encrypted email concepts, just that the
> :browser needs the ability to do the decrypting instead of your mail
> :program. The simplest fallback may be to simply open the web page
> :with the user's mailer (if their mailer supports that,)
>
> The major difference is that email was designed for personal
> correspondence, and evolved along those one to one lines.

Sure.

> HTTP is a publishing mechanism in which you usually want people to see
> it, or restrict viewing to a group and is thus centered around one to
> many (or in "web2.0" land many to many) communication lines.

Yes, but I really am just talking about a more secure version of the one
to many scenario where you don't trust the server! The many, of course,
can always be one.

> So I can understand why there isn't a ready made solution, using HTTP
> for secure one to one communication on an untrusted server just isn't
> something that's done, and secure one to many is done by owning and
> securing the server.

Ignore the "one to one" aspect and I think that you may still be right.
But trusting the server still leads to a less secure method of 'one to
many' and my suggested "HTML features" would be helpful there too!

> This isn't to reflect on your application except to say it's uncommon.

Maybe not so uncommon, just that most people readily accept that the
server should "know all" or they give up. I think that there are many
opportunities which are lost because some people will not outsource
their hosting because they will not accept that "the server should know
all" and because they do not have the resources to host things
themselves.

The simplest and most obvious one is encrypted webmail using regular
webmail sites. A solution to this problem could open up many new doors,
and many of those doors I suspect would be very welcomed/needed in tor
land, not just for my application.

-Martin
Re: Encrypted Web Pages?
--- "Vlad \"SATtva\" Miller" <[EMAIL PROTECTED]> wrote:
> Have you looked at FireGPG Firefox extension?
> http://firegpg.tuxfamily.org/

--- "Alexander W. Janssen" <[EMAIL PROTECTED]> wrote:
> Why not simply use the Firegpg-extension for Firefox?

I had not seen this, thank you, this would certainly be a valid fallback
use case also.

> Obviously that's only working perfectly with text-files, but you could
> possibly try to make up your own XPI for Firefox.

Yes, I was hoping for a simple HTMLified solution.

Seems like perhaps instead of implementing this at the browser level,
this could be implemented at the proxy level. Simply send requests to a
personal local proxy which can intercept encrypted pages and decrypt the
ones it has the private keys to! This would be more versatile, usable by
more browsers, less vulnerable to JS/other dynamic html attacks...

Anyone want to implement it? ;) It could use gpg. Can anybody suggest a
good simple well written proxy which would be easy to hack to add this
to?

-Martin
Re: Encrypted Web Pages?
Martin Fick wrote on 17.12.2007 23:25:
> I am surprised that HTML does not seem to have some extension to deal
> with this already. It is not much different from encrypted email
> concepts, just that the browser needs the ability to do the decrypting
> instead of your mail program. The simplest fallback may be to simply
> open the web page with the user's mailer (if their mailer supports
> that,)

Have you looked at FireGPG Firefox extension?
http://firegpg.tuxfamily.org/

I'm not endorsing it in any way (to me it has too many open questions)
but it could be a starting point for your own research or development.

-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
Re: Encrypted Web Pages?
Michael Holstein wrote on 17.12.2007 23:01:
> I'm not a mathematician, but it can't be wise to store multiple copies
> of the same plaintext encrypted by the same cipher using different keys
> .. much crypto has historically been broken that way.

As a side note: In the context of OpenPGP you have to encrypt the same
message (plaintext) with more than 65536 public keys in order to make
things somewhat more appropriate for an attacker. And even that won't
help him much because of the PKCS padding.

-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
Re: Encrypted Web Pages?
--- Michael Holstein <[EMAIL PROTECTED]> wrote:
> > Is there a mechanism to use HTTPS to preencrypt web pages so that
> > they are encrypted on the server (and so the server does not have
> > the keys to decrypt them!)
>
> Not using HTTPS per-se, but you can use SSL to encrypt files.

Agreed.

> > My initial constraints are that once the data is put on the server
> > that no one except for the intended recipient could decrypt it,
> > including the original poster, server admin...
>
> Or, to basically do with HTTP what GPG does with email. The original
> poster would necessarily need to have access to the plaintext, as they
> would need to encrypt it with the end-user's public keys (each of them
> individually).

Yes, but they should be able to discard it once it is encrypted. (see
#5 in my reply to Jonathan D. Proulx)

> I'm not a mathematician, but it can't be wise to store multiple copies
> of the same plaintext encrypted by the same cipher using different keys
> .. much crypto has historically been broken that way.

Well, I think that is exactly what you will get if you use pgp or gpg to
send an encrypted email to multiple recipients.

-Martin
Re: Encrypted Web Pages?
It is now clear to me that I have been unclear about the requirements.
Let me try to be more explicit.

1) I am looking for a "point2point", "sender 2 receiver", secure
   encrypted web page mechanism.
2) Senders are untrusted to recipients.
3) Web server is untrusted to recipients.
4) Senders create the encrypted web page content and post it to an
   untrusted (#3) web server destined for specific individual
   recipients.
5) Once posted to the web server, senders are expected, but not
   guaranteed (see #2), to delete all plain text versions of the web
   pages.
6) The web server should never see plain text versions of the web pages
   (see #3.)
7) One web page is destined for one single user, i.e. it is encrypted
   with one public key only. If the sender needs to send the same
   message to multiple recipients, he will simply create multiple web
   pages and no one even needs to know this.
8) Any web server side access mechanism can only be used to manage web
   pages, not for data access (see #3.) In other words, there could be
   web server side access mechanisms to control the posting and
   deleting of web pages, but not the decrypting of web pages.

I do not think that the scenario you specified below meets #3, #5, #6
or #8 which I just specified :), or does it?

Thanks for the suggestions though,

-Martin

--- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
> You use X.509 personal certificates to authenticate the user, this is
> relatively straight forward and standard.
>
> Once you have established identity with X.509 you tie that identity to
> a gpg||pgp public key. Presumably you would establish this initial
> mapping at account creation, where you could generate the client
> certificate and request the user upload their public key. Now whenever
> you see that certificate you know which key to use for encryption,
> decryption stays on the user end. Your app should probably check
> keyserver for key revocations so it doesn't leak data to a compromised
> key.
>
> -Jon
Re: Encrypted Web Pages?
Martin Fick wrote:
> Yes, but it really is a fairly simple one. I am surprised that HTML
> does not seem to have some extension to deal with this already. It
> is not much different from encrypted email concepts, just that the
> browser needs the ability to do the decrypting instead of your mail
> program. The simplest fallback may be to simply open the web page
> with the user's mailer (if their mailer supports that,)

Why not simply use the Firegpg-extension for Firefox?

Step 1: Open encrypted file in webbrowser
http://yalla.ynfonatic.de/media/firegpg-demo/step1.png

Step 2: Mark the stuff and choose "decrypt"
http://yalla.ynfonatic.de/media/firegpg-demo/step2.png

Step 3: After entering your passphrase, a result-window pops up and
shows you the content.
http://yalla.ynfonatic.de/media/firegpg-demo/step3.png

Obviously that's only working perfectly with text-files, but you could
possibly try to make up your own XPI for Firefox.

> -Martin

Alex.
Re: Encrypted Web Pages?
On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin Fick wrote:
:> It's an interesting threat model though :)
:
:Yes, but it really is a fairly simple one. I am surprised that HTML
:does not seem to have some extension to deal with this already. It is
:not much different from encrypted email concepts, just that the browser
:needs the ability to do the decrypting instead of your mail program.
:The simplest fallback may be to simply open the web page with the
:user's mailer (if their mailer supports that,)

The major difference is that email was designed for personal
correspondence, and evolved along those one to one lines.

HTTP is a publishing mechanism in which you usually want people to see
it, or restrict viewing to a group and is thus centered around one to
many (or in "web2.0" land many to many) communication lines.

So I can understand why there isn't a ready made solution, using HTTP
for secure one to one communication on an untrusted server just isn't
something that's done, and secure one to many is done by owning and
securing the server.

This isn't to reflect on your application except to say it's uncommon.

-Jon
Re: Encrypted Web Pages?
--- Michael Holstein <[EMAIL PROTECTED]> wrote:
> > Despite my bias, an embedded java app would not work since it would
> > be controlled (provided) by the hostile server right?
>
> You could sign the applet with a key provided to your clients, since
> you're using a distribution model where you have known end-users (as
> you need their keys to encrypt the data).

But I have untrusted senders who should never be able to get access to
my private keys (public keys, sure), so how does the signing help? If
the java app is created by anyone but the recipient it cannot be
trusted.

> My thought on Java was to be able to automate the key scheme within
> the browser, versus requiring them download a .gz.gpg file and decrypt
> it on their own. A (sort-of) working example of this is how HushMail
> does it (using Java to code the PGP stuff).

Forgive me for not understanding, but what prevents HushMail from
decoding the messages?

> It's an interesting threat model though :)

Yes, but it really is a fairly simple one. I am surprised that HTML does
not seem to have some extension to deal with this already. It is not
much different from encrypted email concepts, just that the browser
needs the ability to do the decrypting instead of your mail program. The
simplest fallback may be to simply open the web page with the user's
mailer (if their mailer supports that,)

-Martin
Re: Encrypted Web Pages?
On Mon, Dec 17, 2007 at 08:52:30AM -0800, Martin Fick wrote:
:> I may be missing something about the implications of HTTPS, but you
:> could certainly key pgp public keys to x.509 identities if you wanted
:> to keep static data gpg encrypted on the server.
:
:I'm not sure that I understand this suggestion, could you be more
:explicit? Are you suggesting simply limiting access to the data by
:certificate (i.e server side limiting?) That would not satisfy my trust
:model, the server should be assumed to be untrusted.

So knowing a bit more about your requirements I'll clarify my thinking
on this point as it's most relevant (though it doesn't address
transparency to the user).

You use X.509 personal certificates to authenticate the user, this is
relatively straight forward and standard.

Once you have established identity with X.509 you tie that identity to a
gpg||pgp public key. Presumably you would establish this initial mapping
at account creation, where you could generate the client certificate and
request the user upload their public key. Now whenever you see that
certificate you know which key to use for encryption, decryption stays
on the user end. Your app should probably check keyserver for key
revocations so it doesn't leak data to a compromised key.

-Jon
Re: Encrypted Web Pages?
> Is there a mechanism to use HTTPS to preencrypt web pages so that they
> are encrypted on the server (and so the server does not have the keys
> to decrypt them!)

Not using HTTPS per-se, but you can use SSL to encrypt files.

> My initial constraints are that once the data is put on the server
> that no one except for the intended recipient could decrypt it,
> including the original poster, server admin...

Or, to basically do with HTTP what GPG does with email. The original
poster would necessarily need to have access to the plaintext, as they
would need to encrypt it with the end-user's public keys (each of them
individually).

I'm not a mathematician, but it can't be wise to store multiple copies
of the same plaintext encrypted by the same cipher using different keys
.. much crypto has historically been broken that way.

~Mike.
Re: Encrypted Web Pages?
> Despite my bias, an embedded java app would not work since it would be
> controlled (provided) by the hostile server right?

You could sign the applet with a key provided to your clients, since
you're using a distribution model where you have known end-users (as you
need their keys to encrypt the data).

My thought on Java was to be able to automate the key scheme within the
browser, versus requiring them download a .gz.gpg file and decrypt it on
their own. A (sort-of) working example of this is how HushMail does it
(using Java to code the PGP stuff).

It's an interesting threat model though :)

~Mike.
Re: Encrypted Web Pages?
--- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
> On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote:
...
> What about just HTTPS with user certificates? you get both proof of
> identity and a means of encrypting data to that identity, yes?

Is there a mechanism to use HTTPS to preencrypt web pages so that they
are encrypted on the server (and so the server does not have the keys to
decrypt them!) Also is there a mechanism for the user to provide the
decrypting key to the browser?

> What are you doing that isn't covered by this?

My initial constraints are that once the data is put on the server that
no one except for the intended recipient could decrypt it, including the
original poster, server admin...

> I may be missing something about the implications of HTTPS, but you
> could certainly key pgp public keys to x.509 identities if you wanted
> to keep static data gpg encrypted on the server.

I'm not sure that I understand this suggestion, could you be more
explicit? Are you suggesting simply limiting access to the data by
certificate (i.e server side limiting?) That would not satisfy my trust
model, the server should be assumed to be untrusted.

-Martin
Re: Encrypted Web Pages?
--- Michael Holstein <[EMAIL PROTECTED]> wrote:
> > I have what may perhaps seem like a strange question. Is there any
> > commonly used software for encrypting and decrypting web pages?
> >
> > Let me explain that a little better: imagine a web site which has
> > content destined for specific individuals. For each individual there
> > is separate content on separate pages, and no one but the individual
> > for whom the content is destined should be able to read the content,
> > not even the creator of the content!
> >
> > In other words, is there a private/public key mechanism similar to
> > PGP (or even a PGP web page plugin) that will work transparently
> > while browsing the web? The transparently part would mean that a
> > user can provide a private key to a browser and any pages encrypted
> > with the user's public key would automatically be decrypted for him
> > when he views them.
...
...
> If you had a scenario where you needed to deploy a webserver in
> "hostile territory" and needed to ensure the security of the data
> thereon,

Yes, that is the scenario I am trying to deal with. When it comes to
anonymity/secure communications I would assume all hosting services
could be hostile.

> you could conceivably gzip and GPG each .html page and associated
> items with multiple public keys based on some other criteria (like
> what cert the browser provided) and then let the end-user decrypt it
> with their private .. but this definitely won't be "automatic"

Yes the fallback is a manual process, I was looking for an automated
way, say by using SSL in some weird way where the SSL was preencrypted
on the server and without a client key negotiation since the client
already has the key to decrypt it? But I can't figure that one out, plus
it would seem to require a different web server (different key) for each
user!

> .. but you could wrap it in Java to make it somewhat portable if you
> wanted.

For portability? Java is the least portable language I have ever
programmed in! ;)

Despite my bias, an embedded java app would not work since it would be
controlled (provided) by the hostile server right?

-Martin
Re: Encrypted Web Pages?
> I have what may perhaps seem like a strange question. Is there any commonly used software for encrypting and decrypting web pages?

Yes, SSL .. and it's been around for quite a while.

> Let me explain that a little better: imagine a web site which has content destined for specific individuals. For each individual there is separate content on separate pages, and no one but the individual for whom the content is destined should be able to read the content, not even the creator of the content!

Why not just SSL the site, and then restrict access to it using certificates (still X.509, but separate from the one used for transport security)?

> In other words, is there a private/public key mechanism similar to PGP (or even a PGP web page plugin) that will work transparently while browsing the web? The transparently part would mean that a user can provide a private key to a browser and any pages encrypted with the user's public key would automatically be decrypted for him when he views them.

Again, this can be easily provided by issuing X.509 certificates to the end-users and then requiring those certificates to authenticate to the webserver. Transport security (as it pertains to TOR, etc.) is provided by a separate X.509 certificate whose purpose is to sign the encrypted channel over which the data is transferred. You would manage the X.509 certificates assigned to your users yourself, so you could handle revocations (although Verisign, et al. will happily sell you a commercial X.509 solution for client auth).

If you had a scenario where you needed to deploy a webserver in "hostile territory" and needed to ensure the security of the data thereon, you could conceivably gzip and GPG each .html page and associated items with multiple public keys based on some other criteria (like what cert the browser provided) and then let the end-user decrypt it with their private .. but this definitely won't be "automatic" .. but you could wrap it in Java to make it somewhat portable if you wanted. You could also write an ActiveX or XPI plug-in to incorporate it into the browser .. but then you're putting a lot of "trust" in a 3rd party with your GPG keys.

~Mike.
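The second half of Mike's suggestion (encrypt each page to several recipients' public keys and let each reader decrypt with a private key) as an added example; this is not code from the thread or from GnuPG, FireGPG or any other tool mentioned in it. Go's standard library stands in for GPG: a random AES-256-GCM session key seals the page and RSA-OAEP wraps that key once per recipient, which is the same hybrid structure an OpenPGP message has. The names (EncryptedPage, Publish, Open, NewKey) and the sample page are constructed for the example, and the gzip step is left out because it does not touch the key handling. The property Martin's threat model turns on is visible in the code: the server stores only the bundle, the publisher keeps no session key, a key that is not among the recipients cannot open the page, and any change the host makes to the bundle fails the GCM tag check.

```go
// Added example (not code from the thread): "GPG each page to multiple public keys",
// with Go's standard library standing in for GnuPG so that it runs offline.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// EncryptedPage is the bundle published on the (untrusted) web server.
type EncryptedPage struct {
	Nonce       []byte   // AES-GCM nonce
	Body        []byte   // AES-GCM ciphertext of the HTML
	WrappedKeys [][]byte // session key wrapped under each recipient's RSA-OAEP public key
}

// NewKey generates a recipient key pair (2048-bit RSA is enough for a demonstration).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects a substituted wrapped key of the wrong length
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Publish seals the page under a fresh session key and wraps that key for every recipient.
// The publisher keeps neither the session key nor a readable copy of the page.
func Publish(html []byte, recipients ...*rsa.PublicKey) (*EncryptedPage, error) {
	rnd := make([]byte, 32+12) // 256-bit AES key followed by a 96-bit GCM nonce
	if _, err := io.ReadFull(rand.Reader, rnd); err != nil {
		return nil, err
	}
	key, nonce := rnd[:32], rnd[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	page := &EncryptedPage{Nonce: nonce, Body: gcm.Seal(nil, nonce, html, nil)}
	for _, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		page.WrappedKeys = append(page.WrappedKeys, wrapped)
	}
	return page, nil
}

// Open finds the wrapped key this private key can unwrap, then decrypts the page.
// Any change the host makes to nonce or body fails the GCM tag check.
func Open(page *EncryptedPage, priv *rsa.PrivateKey) ([]byte, error) {
	var key []byte
	for _, wrapped := range page.WrappedKeys {
		if k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil); err == nil {
			key = k
			break
		}
	}
	if key == nil {
		return nil, errors.New("this private key is not among the page's recipients")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, page.Nonce, page.Body, nil)
}

func main() {
	alice, host := NewKey(), NewKey() // host stands for the hosting provider, which is not a recipient
	page, err := Publish([]byte("<p>for Alice only</p>"), &alice.PublicKey) // constructed sample page
	if err != nil {
		panic(err)
	}
	out, err := Open(page, alice)
	fmt.Printf("alice: %q %v\n", out, err)
	_, err = Open(page, host)
	fmt.Println("host:", err)
}
```

With real OpenPGP keys the Publish step is simply `gpg -e -r <key1> -r <key2> page.html`, which produces the same one-session-key-wrapped-per-recipient layout. The Open step has to run on the reader's machine in a process the reader controls; as Martin notes above, anything the hostile server delivers to do the decryption (an applet, a script) is not trustworthy with the private key.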
Re: Encrypted Web Pages?
On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote:
:Considering the amount of bugs and weaknesses found regularly (and not
:found) in common browser software (open source or not), it's not a
:well-advised practice to trust a browser handling of sensitive private keys.

While I agree, this isn't the only way to implement such a system. The browser could hand off encrypted content to an external application to handle the decryption.

What about just HTTPS with user certificates? You get both proof of identity and a means of encrypting data to that identity, yes? What are you doing that isn't covered by this?

I may be missing something about the implications of HTTPS, but you could certainly key PGP public keys to X.509 identities if you wanted to keep static data GPG-encrypted on the server.

-Jon
Re: Encrypted Web Pages?
Martin Fick wrote on 15.12.2007 11:08:
> Hi,
>
> I have what may perhaps seem like a strange question. Is there any commonly used software for encrypting and decrypting web pages?
>
> Let me explain that a little better: imagine a web site which has content destined for specific individuals. For each individual there is separate content on separate pages, and no one but the individual for whom the content is destined should be able to read the content, not even the creator of the content!
>
> In other words, is there a private/public key mechanism similar to PGP (or even a PGP web page plugin) that will work transparently while browsing the web? The transparently part would mean that a user can provide a private key to a browser and any

Considering the amount of bugs and weaknesses found regularly (and not found) in common browser software (open source or not), it's not a well-advised practice to trust a browser handling of sensitive private keys.

> pages encrypted with the user's public key would automatically be decrypted for him when he views them.
>
> Thanks,
>
> -Martin

--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
Encrypted Web Pages?
Hi,

I have what may perhaps seem like a strange question. Is there any commonly used software for encrypting and decrypting web pages?

Let me explain that a little better: imagine a web site which has content destined for specific individuals. For each individual there is separate content on separate pages, and no one but the individual for whom the content is destined should be able to read the content, not even the creator of the content!

In other words, is there a private/public key mechanism similar to PGP (or even a PGP web page plugin) that will work transparently while browsing the web? The transparently part would mean that a user can provide a private key to a browser and any pages encrypted with the user's public key would automatically be decrypted for him when he views them.

Thanks,

-Martin