-----BEGIN PGP SIGNED MESSAGE----- An entity calling itself "Rich Graves <llurch@networking.stanford.edu>" is alleged to have written:
On Fri, 2 Feb 1996, Bryce wrote:
What's wrong with a prominent PGP-signed notice in <PRE>'s that "This page, at URL [whatever], has a separate PGP signature at [other URL]." I've did that with the windows networking FAQ a few times until it just got to be too much trouble.
That's a good idea, but I don't see any reason to sign the notice.
For the paranoid, it would be an added assurance that they are reading the original file at the original location. Otherwise, anybody could copy the Web page, modify it, and give it someone else's PGP signature.
Uhhh- wait a second. Anybody can always copy the file *and* the signature to a new site without changing the authentication. And anybody can always copy the cleartext and then sign it with a different key. Right? What are you getting at? Now what you can do is put the site's URL in the signed text, forcing the copier to change the URL and re-sign it with his own key. And you could time-stamp your document, proving that you had possession of it before the copier did. But that's the extent of what you can do, AFAIK.
But yeah, it would look awfully silly, especially to the non-PGP-aware public. An unobstrusive PGP logo (below) would be great, and might become a status symbol, like those cheesy HTML validation service and Internet Audit Bureau logos (which I have used on a few pages).
Yeah that was my idea. A little "PGP signed" logo. If the user clicks on it it gives them the signature, and/or a href to a PGP page. (Probably one maintained by yours truly.)
Yeah, I like the idea of a standardized logo. A lot.
I have a little logo which is (as I recall) 32x32 pixels which is just "PGP" with a red check-mark superimposed. I'll hack on this idea during what I jocularly refer to as my spare time. Regards, Bryce "Toys, Tools and Technologies" the Niche New Signal Consulting -- C++, Java, HTML, Ecash Bryce PGP sig follows -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMRK45PWZSllhfG25AQG9uQP/Ry8TJDwvBjgNLjqJ4O0kX5277Th9ERoD /I90bq+EvdkVOIypr8DIagxGQDtY8GUDeIXzZvvoUSH/h/EioKP7P6J3El9liCmO NEYcGhlYtnKMn2/iKeQiZfu68iVSCpUSm8Tvq42ecLKTpgcpx+6sQIhFs3e5oG0O F2lc601FTL4= =0qGM -----END PGP SIGNATURE-----