[cryptography] Opportunistic encryption of modern web application without "https"

Fabio Pietrosanti (naif) lists at infosecurity.ch
Fri Oct 25 16:43:18 EDT 2013


The idea is to deploy TLS with a DHE cipher to achieve PFS, unauthenticated (JS, no plugin) or with a TOFU trust model (JS with plugin), in any browser, with the implementation model as follows:

- a JS library to be hooked into Ajax XHR requests in a JavaScript application

- a browser plugin that automatically hooks XHR requests of certain applications

- a server gateway application to convert this data flow (over WebSocket) to be forwarded to an HTTPS server on localhost with a self-signed digital certificate

The brief discussion is at https://github.com/digitalbazaar/forge/issues/84

What do you think?

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
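
The TOFU trust model mentioned in the post, as an added example that is not part of the original message or of forge: a pin store records the fingerprint of the gateway's self-signed certificate on first contact and flags any later change, and a store that does not survive between sessions treats every certificate as a first use. `TofuStore`, the `.test` host and the certificate bytes are constructed for illustration, and Node's `crypto` module stands in for whatever hashing API the browser side would use.

```javascript
// Added example: trust-on-first-use (TOFU) pinning of a self-signed certificate.
const { createHash } = require('crypto');

// Constructed byte strings standing in for DER-encoded certificates.
const CERT_A = Buffer.from('constructed-gateway-certificate-A');
const CERT_B = Buffer.from('constructed-substituted-certificate-B');

// SHA-256 fingerprint of the certificate bytes, hex encoded.
function fingerprint(certDer) {
  return createHash('sha256').update(certDer).digest('hex');
}

class TofuStore {
  // `backing` is hypothetical storage; a plugin would persist it across sessions.
  constructor(backing = new Map()) {
    this.pins = backing;
  }

  // Returns 'first-use', 'match' or 'mismatch' for the certificate seen at `url`.
  check(url, certDer) {
    const origin = new URL(url).origin; // normalises host case and default port
    const seen = fingerprint(certDer);
    const pinned = this.pins.get(origin);
    if (pinned === undefined) {
      this.pins.set(origin, seen); // first contact: nothing to compare against
      return 'first-use';
    }
    // On mismatch the old pin is kept, so the caller must refuse the connection.
    return pinned === seen ? 'match' : 'mismatch';
  }
}

// Persistent store: the substituted certificate is detected on the third contact.
function persistentDemo() {
  const store = new TofuStore();
  return [CERT_A, CERT_A, CERT_B].map(c => store.check('http://app.example.test/api', c));
}

// Store recreated on every load: every certificate looks like a first use.
function ephemeralDemo() {
  return [CERT_A, CERT_B].map(c => new TofuStore().check('http://app.example.test/api', c));
}

console.log(persistentDemo(), ephemeralDemo());
```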
