[HTTPS-Everywhere] Viable HTTPS alternative
Ashwin
cybernytrix at yahoo.com
Wed Jul 7 19:11:35 PDT 2010
I have developed a browser based Javascript encryption method and system that is
100% secure (resists MITM, DNS spoofing etc.). The server side load is the same
as HTTP (with no h/w devices etc.)
The fundamental idea is to transmit encrypted content to a hidden HTTP iframe.
Which then sends it to a HTTPS iframe using window.postMessage() (in HTML5) or
via cookies. Since the HTTPS iframe is secure it cannot be tampered with, it
also contains the decryption keys. The HTTPS iframe then proceeds to decrypt the
message and renders it on the page.
Please read (before you dismiss it is impossible!):
http://www.research.rutgers.edu/~ashwink/ajaxcrypt/
I am looking for Javascript and HTML experts to convert it into a library
(LGPL).
Thanks,
Ashwin
More information about the HTTPS-everywhere
mailing list