[tahoe-dev] Ideas: Putting the read-cap after the URL fragment; HTML+JS payloads

Manuel Simoni msimoni at gmail.com
Fri Jul 1 14:52:57 UTC 2011


Hi Tahoe folks!

I've been thinking about two issues related to Tahoe+Web:

By putting the read-cap after the URL fragment, e.g.

   http://example.com/path/to/file#cap

one can guarantee that the cap is never sent over the network when the
link is clicked. Combined with in-browser JavaScript crypto code, one
doesn't even need a trusted gateway; a stupid WebDAV server will do as
ciphertext storage.

One step further would be for the actual payload to be a HTML file
that contains the encrypted data (e.g. inside a Base64-encoded CDATA
section in some HTML element with a standardized "id" attribute.)

The HTML could contain include JavaScript code that gets the read-cap
from the URL, and decrypts the content for display.

What do you think?

Manuel



More information about the tahoe-dev mailing list