[tahoe-dev] Ideas: Putting the read-cap after the URL fragment; HTML+JS payloads
Manuel Simoni
msimoni at gmail.com
Fri Jul 1 07:52:57 PDT 2011
Hi Tahoe folks!
I've been thinking about two issues related to Tahoe+Web:
By putting the read-cap after the URL fragment, e.g.
http://example.com/path/to/file#cap
one can guarantee that the cap is never sent over the network when the
link is clicked. Combined with in-browser JavaScript crypto code, one
doesn't even need a trusted gateway; a stupid WebDAV server will do as
ciphertext storage.
One step further would be for the actual payload to be a HTML file
that contains the encrypted data (e.g. inside a Base64-encoded CDATA
section in some HTML element with a standardized "id" attribute.)
The HTML could contain include JavaScript code that gets the read-cap
from the URL, and decrypts the content for display.
What do you think?
Manuel
More information about the tahoe-dev
mailing list