concept for signed post list
- [Imagine this is an HTML page.]
- My PGP key is:
- Crypto details: this key length, this algorithm, etc. Optional link to tools page.
- List of those who signed my key: link here.
- List of signed posts, comments or other activities that are public follows.
- Category: Schneier blog comment
- URL: https://www.schneier.com/blog/archives/2013/10/friday_squid_bl_396.html#c2057561
- Message text (or hash) here:
- Signature here:
- Paragraph Break
- Category: Personal Blog Post
- Message text (or hash):
- END OF LIST
- Notice that, if it's from airgapped machine, you can always resign them with new keys or tech. You can produce the whole page from a machine readable list (eg JSON) on that machine. Further, you don't even have to sign individual posts: you can sign the whole list as a text file with both the file and signature available for download on the HTML page. Another proposal I gave Bruce a while back that blogs should just sign the BODY tag's contents and put the signature in as an HTML meta tag or comment or something. That way, it's viewable on all devices and a simple script/plugin could check authenticity. No SSL required. ;) You could do that on the page that lists the comments/posts. Many possibilities. I think linking to a signature on your blog takes the least space on others, provides you with ability to give valuable info, and the signed .txt file method might suit your setup best.
RAW Paste Data