[4769] in cryptography@c2.net mail archive
Re: HushMail: free Web-based email with bulletproof encryption
daemon@ATHENA.MIT.EDU (Ian BROWN)
Thu May 20 13:41:08 1999
To: Keith Dawson <dawson@world.std.com>
Cc: cryptography@c2.net
In-reply-to: Your message of "Wed, 19 May 1999 21:11:10 EDT." <v03102713b3690ff56eba@[10.0.2.15]>
Date: Thu, 20 May 1999 10:56:41 +0100
From: Ian BROWN <I.Brown@cs.ucl.ac.uk>
Perry Metzger wrote:
>Some parts of this description make me nervous. Why are PRIVATE keys
>being stored on a server, for instance?
It's still hard to give applets access to client-side data in a secure and
browser-independent way, but obviously this would be a great improvement.
>Why use SSL to send keys when you could use SSL to just send the data?
I think it's because the crypto library they are using (Cryptix) doesn't do
SSL yet ;) I presume the applet and its startup parameters can be transferred
over SSL by the browser, but the applet can't use that SSL pipe itself.
Ian
