Another step for PGP comments

Jacques Distler is doing more work on the PGP-enabled comments idea. He's taken the signature method a step further by showing how you can do automatic validation. By placing a PGP-key auto-discovery <link> tag in your weblog (just like the auto-discovery tags for RSS, FOAF, etc.) that contains the URL of your public PGP key, anyone should be able to validate anyone else's signature using just their weblog URL.

What this all boils down to is that you can build a distributed system for verifying identity in weblog comments. And your weblog becomes your central identity for all of your web contributions. Those who want to protect their identity can take the extra steps to use PGP and add the auto-discovery tag to their weblog, and those who want to remain anonymous or don't care about their identity can keep using weblog comments as they work now. There are no extra logins required, and no changes to the way you post/read comments.

Check out Jacques's post on the subject that explains how it all works in more detail: PGP-Signed Comments. (And his follow-up post: Notes on Comment Authentication.) He's working with Srijith, author of the Movable Type plugin OpenPGPComments, to add these auto-validation ideas into the next version of the plugin. I just added my PGP auto-discovery tag to this site. (Once I see their implementation of auto-validation, I'll see if I can incorporate it into the comments system here.)
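The discovery step described in this post, as an added example that is not part of the original post or of the OpenPGPComments plugin: given a commenter's weblog URL and the HTML of that page, find the advertised public-key URL. The rel value "pgpkey", the function name, the sample page and its hostnames are assumptions made for illustration; the MIME type is the one suggested in the comments on this post. Only tags inside <head> are honored, a choice of this example so that markup appearing in a page's comment area cannot advertise a key for the weblog.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

KEY_MIME = "application/pgp-keys"  # MIME type suggested in the comments on this post
KEY_REL = "pgpkey"                 # assumed rel value; the post does not name one


class _HeadLinks(HTMLParser):
    """Collect the attributes of <link> tags that appear inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            self.links.append({k: (v or "") for k, v in attrs})

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover_key_url(weblog_url, html):
    """Return the absolute http(s) URL of the advertised public key, or None."""
    parser = _HeadLinks()
    parser.feed(html)
    for link in parser.links:
        rels = link.get("rel", "").lower().split()
        mime = link.get("type", "").strip().lower()
        href = link.get("href", "").strip()
        if KEY_REL not in rels or mime != KEY_MIME or not href:
            continue
        url = urljoin(weblog_url, href)  # the href may be relative to the weblog
        # Only http(s) keys are fetched; file:, data: and similar are ignored.
        if urlsplit(url).scheme in ("http", "https"):
            return url
    return None


# Constructed sample page: one tag in <head>, one placed inside a comment body.
SAMPLE_HTML = """<html><head>
<link rel="alternate" type="application/rss+xml" href="/index.xml">
<link rel="pgpkey" type="application/pgp-keys" href="/keys/pubkey.asc">
</head><body><div class="comment">
<link rel="pgpkey" type="application/pgp-keys" href="http://other.example/k.asc">
</div></body></html>"""
```

The returned URL is where a validator would fetch the key before checking the comment's signature; the fetch and the signature check are outside this example.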


Just a suggestion.

If you serve up your PGP key with the correct MIME type ("application/pgp-keys") then client software will know exactly what to do with it (i.e., add it to the user's keychain).

See .
Great idea, done!
Hi! You're reading a single post on a weblog by Paul Bausch where I share recommended links, my photos, and occasional thoughts.
