Using GnuPG to sign web pages.

[Carlo Luciano Bianco]

Il /18 gen 2005/, *Neil Williams* ha scritto:

> On Tuesday 18 January 2005 11:28 am, Carlo Luciano Bianco wrote:
>> Dear all,
>>
>> We have put online a brief tutorial on a possible use of GnuPG (or any
>> other OpenPGP-compliant software) to sign web pages. It is at:
[...]
> Section about checksums: Why not use a valid attribute like title or id 
> instead of inventing chksum? Title will show up in a tool-tip, id can be
> used as a link.

First of all, thank you for your feedback!

I am just the English translator of the page (originally in Italian), but I 
am actively discussing this matter with the author (i.e. TJL73).

IMVHO the most "clean" solution at this stage is the first one, i.e. writing 
the checksums in a table in the "comment" section together with the OpenPGP 
signature (I think I will do this in my web pages, for the moment). But 
inserting them in the "img" tag makes easier to write a plug-in to check them 
automatically in the browser window, that's why TJL73 added that last 
section.

Both "title" and "id" have already their intended meaning, but there is a 
thread on the it.comp.sicurezza.crittografia newsgroup (an Italian newsgroup 
about encryption) where we are discussing, also with TJL73, possible 
solutions using XHTML instead of HTML4.

> Now what we need is a method for displaying the validity of the
> signature within the main browser application window.
> 
> Maybe a little script to sit in the Konqueror Tools menu?

Maybe, or maybe a Firefox extension... ;-)

-- 
| Carlo Luciano Bianco | ICQ UIN: 109517158                              |
|______________________| Home page: <http://clbianco.altervista.org/>    |
|GPG DSA/ElG 1024/4096:|_________________________________________________|
|KeyID:0x5324A0DA - Fingerprint:8B00C61034120506111B143DEDBF71B45324A0DA |