On Fri, 2 Feb 1996, Bryce wrote:
-----BEGIN PGP SIGNED MESSAGE-----
What's wrong with a prominent PGP-signed notice in <PRE>'s that "This page, at URL [whatever], has a separate PGP signature at [other URL]." I've did that with the windows networking FAQ a few times until it just got to be too much trouble.
That's a good idea, but I don't see any reason to sign the notice.
For the paranoid, it would be an added assurance that they are reading the original file at the original location. Otherwise, anybody could copy the Web page, modify it, and give it someone else's PGP signature. But yeah, it would look awfully silly, especially to the non-PGP-aware public. An unobstrusive PGP logo (below) would be great, and might become a status symbol, like those cheesy HTML validation service and Internet Audit Bureau logos (which I have used on a few pages).
Just put a "PGP signed" logo at the bottom of the page. If the user clicks on it then it hrefs to a .asc file (or is it better to have a .html file is the signature in <pre>...) which contains the detached sig for the original page.
This would also have the bonus effect of making PGP more visible to the web-browsing public. I'll work on this during my.. err.. "spare time".
Yeah, I like the idea of a standardized logo. A lot. -rich