January 21, 2003
Comment signing
I've been thinking about how to structure a system that allowed comments you make to 'return to you' so you can track what went where. I've prepared a PDF illustrating it.
What I'm suggesting is that commenting systems could grow to include the ability to 'send' you someting that helped you keep track of what comments you've made. Using PGP signatures might be one way to avoid spamming.
You give the server a PGP ID. The server notes that, looks it up and confirms that it can send you something. On receiving it your local keyring could be updated to accept further messages from the server (after confirming it's a valid key) and then track the comments locally.
There are complications on how you'd 'receive' such messages. Doing it with e-mail is one way but not without it's hassles. Having a helper program watching your mailbox and 'doing the right thing' is often a very messy process. Likewise using an instant messenger is problematic in that you either need a whole other IM account for receiving the messages or a helper program injecting itself into the stream listenting for the messages.
I didn't say it was easy. What I'm suggesting is the start of using PKI signatures as a way to avoid unwanted and untrusted abuse.
I like the idea, and have written up some thoughts.
Posted by: justin klubnik on January 22, 2003 01:17 PM
