Support PGP verification? #122
Comments
|
Here's one concrete proposal.
Example: This should be backwards-compatible with existing twtxt users. The registry should also gain an extra API to query users by fingerprint and coalesce their varying urls. |
|
I'm not convinced of the merits of GPG-signed microblog posts, but how should a client discover the associated .sig if the URL that clients are supposed to fetch is https://www.example.com/blather/? |
|
Good point, I was assuming twtxt.txt was a mandatory part of the URL. After reading the comments in #48 , I think a better proposal is to simply use an attached signature within twtxt.txt and teach clients to ignore the standard header and footer. (Regarding merits, do you have other solutions to the two problems I mentioned, (a) secure microblogging without paying a central registrar for an SSL cert, and (b) securely moving from one hosting provider to another, especially when the old one breaks unexpectedly?) |
|
I really like the idea of signing ones twtxt feed. This would indeed allow for further identification besides the URL of the file itself, so that the URL becomes exchangeable while the identity is maintained and verified. But using the fragment identifier is not really an option. As the name suggest it should be used to point to specific twts when needed. Instead we could make use of the proposed metadata format (see #48) and include directives like |
|
How do you link to a specific twt with a fragment? Do you use the timestamp? That's neat. If breaking backwards compatibility is on the table, I'd advocate making the fingerprint, or maybe just the last 8 bytes, a first-class element of the mention syntax: |
|
This is significantly overloading the mention syntax in a way that makes it harder to parse. |
|
I like the idea of clearsigning the file. I uploaded a signed twtxt at https://domgoergen.com/twtxt/mdom.txt.asc, so everybody can test their clients. txtnix does ignore everything unknown so it works finde with the gpg blocks. |
|
Comment by @freemor on irc:
|
|
Here's another reason to sign the file: I'd like to make an 'unhosted' in-browser twtxt client. Many hosting providers don't provide CORS headers, so in order to load others' twts I'll need to use a service like corsmirror.com. But then, even if a following url is https, I'm totally at the mercy of the mirror who could rewrite twts. With client-side pgp verification in js, I can keep content security even without the transport-layer security. |
|
Okay, i tried to implement that tonight for txtnix tonight but it's harder than i thought. Either i have to rework all plugins to handle a temporary twtxt file for clearsigned signatures or the publish plugins have to be able to upload multiple files for detached signatures. I don't know if it's easier to implement in twtxt, so i wait and see what happens here... :) |
|
The latest version of txtnish now supports clearsigning your twtfile and verifies the retrieved files. The user interface is probably not optimal, but i'm very interested in any ideas. |
It would be great if a user could register a PGP public key in addition to a URL. Then she could post PGP-signed messages to an HTTP endpoint and still enjoy security. The client could verify the twtxts before displaying them. Also, indexing mentions by PGP fingerprint instead of URL would allow a user to move from one backend storage to another without loss of continuity.
What do you think?
The text was updated successfully, but these errors were encountered: