A few weeks ago I posted about the problem with identities in open weblog comments systems. Since then I've been playing with different solutions, and I think PGP-signed comments are a good way to verify identities. It's extremely simple for the authors of comments systems to implement. (I added it to my comments system last night in about an hour.) It allows weblog authors to keep the barrier to conversation very low by not having a registration process. And it allows those comment-posters who are concerned about their online identity to take a few extra steps to digitally sign their comments.
It's also very easy on the comment-posting end. PGP has a function called "Sign" that takes the exact words of the comment and, using your private key, produces a signature block that anyone holding your public key can check. The signature is appended to the post as a short block of encoded text derived from those words, so the post can be verified. If anyone alters the words, the verification fails. I'm using PGP 8.0, and it has a great feature that signs the text in the current window with one click. I would simply type my comments into someone's site as normal, then click this button. It's instantly signed. I'll try to post more explanation with screenshots if I have some time later today.
Here's how I implemented it for my comments system. A standard post is plain text:
This is a standard comment.
A PGP-signed post is also plain text with some extra junk around it:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a PGP-signed comment.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta

iQA/AwUBPdvNQq9S5muEtqHZEQKIgACfTjtzfc101lkfWXEHQLgcHux99S8AoN/p
GDxRz2sbpl1MIXFm5Bbb6JxF
=qlO3
-----END PGP SIGNATURE-----
Ok, it's not junk, it's important information. But for the purposes of reading comments, it's junk. So if the junk is there when someone posts, my system saves the entire PGP comment as-is, then strips away the junk and stores the good stuff as a regular comment. Then, next to the information about who posted that particular comment is a link: [PGP]. Clicking on PGP will give anyone the original, unaltered, PGP-signed post that they can then use to verify the commenter's identity. My system doesn't do anything with decryption/encryption, handle any keys, or do any of the verification; it simply does a bit of extra text parsing. I didn't need to add any extra form fields or ask for any extra info. It doesn't break up the flow of conversation. The functionality is mostly hidden.
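Here is what that "bit of extra text parsing" can look like. This is an added example, not the code from my comments system: a small Python function that recognizes a clearsigned post by its armor lines, keeps the untouched submission for the [PGP] link, and produces the stripped text for display. It goes one step beyond the post above by also undoing the dash-escaping that PGP applies to body lines starting with "-" (the clearsigned format turns them into "- -"), since a reader sees the unescaped text while the verifier needs the escaped original. The sample comment and the signature placeholder inside it are constructed for the example and will not verify; the function does no verification at all.

```python
# Armor lines of the PGP cleartext signature format (RFC 4880, section 7).
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def split_signed_comment(text):
    """Return (display_text, original) for a posted comment.

    If the text is a PGP clearsigned message, display_text is the signed
    body with the armor headers, signature block and dash-escaping removed,
    and original is the untouched submission to store for the [PGP] link.
    Otherwise the comment is returned unchanged and original is None.
    No signature verification happens here; readers verify the original.
    """
    lines = text.replace("\r\n", "\n").split("\n")
    if not lines or lines[0].strip() != BEGIN_SIGNED:
        return text, None
    try:
        sig_start = lines.index(BEGIN_SIG)
        sig_end = lines.index(END_SIG, sig_start)
    except ValueError:
        # Armor header without a complete signature block: not a signed
        # post we can split, so keep it as ordinary text.
        return text, None

    # Skip the "Hash:" armor headers and the single blank line that
    # separates them from the signed body.
    i = 1
    while i < sig_start and lines[i].startswith("Hash:"):
        i += 1
    if i < sig_start and lines[i].strip() == "":
        i += 1

    body = lines[i:sig_start]
    # Undo dash-escaping: a body line that begins with "-" is sent as "- -".
    body = [ln[2:] if ln.startswith("- ") else ln for ln in body]
    display_text = "\n".join(body).rstrip("\n")

    # Store exactly what was submitted so that verification still works.
    original = "\n".join(lines[: sig_end + 1])
    return display_text, original


# Constructed sample post (the signature line is a placeholder, not real
# signature data), with one dash-escaped body line.
SAMPLE_SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a PGP-signed comment.
- -- and a line that started with a dash
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta

iQA/constructedPlaceholderNotARealSignature
=0000
-----END PGP SIGNATURE-----
"""

SAMPLE_PLAIN = "This is a standard comment."


if __name__ == "__main__":
    shown, kept = split_signed_comment(SAMPLE_SIGNED)
    print("display:", repr(shown))
    print("stored original:", "yes" if kept else "no")
    shown, kept = split_signed_comment(SAMPLE_PLAIN)
    print("display:", repr(shown), "| stored original:", kept)
```

The stored original is what the [PGP] link hands out; a reader who has the poster's public key can save it to a file and run it through their own PGP or GnuPG verify command. The display text is never what gets verified, which is why the function keeps the two separate rather than trying to rebuild the signed form from the stripped one.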
It puts the burden of identity management on the comment-poster instead of the comments systems. The poster would have to make sure their public PGP key is available somewhere, so people could verify their posts. It doesn't break up the flow of conversation, and it adds a bit of security for people who aren't posting anonymously. I'd feel much better about posting comments on weblogs if they had something like this available. For those who don't care, nothing changes.
I've tested this feature here with signatures from both PGP 8 for Windows and GnuPG for Windows. It's bound to have some parsing problems with other platforms that need to be worked out, but I'll fix them as they come in. Check the comments on this post for an example. And let me know what you think. Will this work? Do you think people would sign their posts if it was an option?