Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
Rich Graves
llurch at networking.stanford.edu
Fri Feb 2 13:27:07 PST 1996
On Fri, 2 Feb 1996, Bryce wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> > What's wrong with a prominent PGP-signed notice in <PRE>'s that "This
> > page, at URL [whatever], has a separate PGP signature at [other URL]."
> > I've did that with the windows networking FAQ a few times until it just
> > got to be too much trouble.
>
> That's a good idea, but I don't see any reason to sign the
> notice.
For the paranoid, it would be an added assurance that they are reading the
original file at the original location. Otherwise, anybody could copy the
Web page, modify it, and give it someone else's PGP signature.
But yeah, it would look awfully silly, especially to the non-PGP-aware
public. An unobstrusive PGP logo (below) would be great, and might become
a status symbol, like those cheesy HTML validation service and Internet
Audit Bureau logos (which I have used on a few pages).
> Just put a "PGP signed" logo at the bottom of the
> page. If the user clicks on it then it hrefs to a .asc
> file (or is it better to have a .html file is the
> signature in <pre>...) which contains the detached sig for
> the original page.
>
> This would also have the bonus effect of making PGP more
> visible to the web-browsing public. I'll work on this
> during my.. err.. "spare time".
Yeah, I like the idea of a standardized logo. A lot.
-rich
More information about the cypherpunks-legacy
mailing list