W3C home > Mailing lists > Public > www-talk@w3.org > September to October 2006

Re: https without ssl

From: Tom Molesworth <tetra604@gmail.com>
Date: Fri, 29 Sep 2006 12:18:30 +0100
Message-ID: <6c93a9d90609290418o62ec097sd9abadfda92d0e09@mail.gmail.com>
To: www-talk@w3.org

hi there,

> Hello, i would like to make an application to a webserver
> that uses the http protocol, but encripted. i dont want to
> use https or ssl or tls.... is it possible to encrypt http
> and all the browsers can read the page????
>   thnx for your help

As far as I know, there isn't a commonly-deployed standard (outside
HTTPS) for this type of encrypted communication, but it's fairly
straightforward to implement encryption in Javascript, and use that to
exchange information between the client and server once the page has
been loaded.

Take a look at this page:

http://www.movable-type.co.uk/scripts/TEAblock.html

for a simple encryption algorithm, there's also a link on that page to
an implementation of AES, which should provide better security if
required. Whichever implementation you go for, the actual data can be
exchanged with XMLHttpRequest or IFRAME techniques as usual, see
http://www.ajaxian.com for more info on that.

Most browsers support Javascript, but you'd need some sort of fallback
for anyone who has disabled it - mobile/cell phone browsers usually
don't implement Javascript, for example.
Received on Friday, 29 September 2006 14:57:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:29 GMT