Konfidi and Atom

From Konfidi
Jump to navigationJump to search

See digital signatures in the Atom Spec and some elaboration on how exactly to do that. A Java implementation of signing/verifying

We can't do multipart/signed whole Atom documents because the the many elements may have many authors (e.g. aggregrated feeds; blog comments)

  • Publishing/blogging/commenting interfaces would have to support signatures.
    • probably the software uses a regular input screen, then renders the Atom XML for the user to XML-sign (with a browser plugin?) and resubmit
    • otherwise, the software would have to have a copy of the user's private key, which is riskier, but more user-friendly
  • Use the signatures in the Atom Syndication Format document
  • Clients would validate the signatures and issue konfidi requests for each
    • personal aggregrating clients would hide those below a certain trust threshold
    • when blog software renders an HTML page, it would hide comments that the post owner does not trust
      • it (probably) should not hide comments in the Atom feeds, because the feedreader client can do the filtering at a more personal level

Random thought: Could the title, content, etc be separately PGP clearsigned or multipart/signed within multipart/form-data (manually or by a browser plugin) before form submission... and then translated into XML signatures on the respective elements?