PGP-Signing Comments
With the problems inherent in open commenting systems, it makes sense that the idea of PGP-signed comments is again taking shape. We discussed what a verification process might look like in December 2002 (in one of the first posts on the Six Log, even!).
Now, Srijith has written PGPComments, a plugin for Movable Type which implements Paul Bausch's ideas regarding display of PGP-signed comments. It still leaves a lot up to the person posting the comment--signing the comment--and the person reading the comment--verifying the signature--but it's great to see the process moving again.
That said, I think it's going to take a massive adoption of PGP to make this usable by end users, simply because, for the end user, signing and verifying requires far more investment than the apparent payoff. It's similar to the certificate verification on Windows downloads/executables--fundamentally, this is a service to the end user, but the process is so convoluted and hard to understand that it just gets ignored.
7 Comments
Thanks, Ben, glad you like the concept. I think your auto-verification is a great idea, and I think it's pieces like that (with others) that will eventually add up to a user-friendly distributed identity system. I agree PGP is not an easy concept for everyone, but baking it directly into the tools people use will help spur innovation. It's a path, not a complete solution. But I think it will work in the long-run because it feels like the Web: no one interest controls it, and people can adapt/extend the technology to suit their needs.
First of all - thanks for the publicity :)
As for verifying the signature, the plugin can be extended to do the verification once, when the comment is first submitted, though installing Crypt::OpenPGP's prerequisites is no easy work :) Two ways to pass the public key info can be used - either the one I mentioned in the post - using the "Comment" section or as a extra POST variable. The latter might be a bit confusing to non-PGP users.
IMO, the comment signing should always be done by the commenter, simply because the private key is too precious to pass on to the system.
BTW, isn't there an easier way to display a single comment in an MT entry or have I messed it up unnecessarily?
It's a great idea. The mechanism should also allow blocking or moderating by PGP key, too, so an abuser with a PGP key isn't automatically given a pass.
I took some time a few weeks ago to implement the generation side of Adam Back's hashcash system for use in web comments.
Basically it requires the comment poster's browser to jump through some computing hoops in order to create a valid token. When the comment is posted the token is validated and stored.
The token can't be used again to post to the same system within some interval of time. The tokens are also valid for only that system.
Spammers could generate lots of tokens ahead of time but they'd spend cycles doing it and they'd only get to post one spam to one blog at a time. Maybe this still sucks, I don't know.
If anyone is interested in working with this code let me know by email.
The main site with a more detailed description is at
http://www.hashcash.org/faq.html
While I think that using PGP keys is a great idea in a perfect world, in that world everyone would already have a PGP key, this is certainly not the case in today's world.
This may be a great solution in certain niche situations, but as an overall solution, especially corporate situations, it just doesn't work.
IMHO The solution to spamming has to be one that doesn't make it difficult for people (users) to provide and share information, making it more difficult would only reduce the amount of information that is submitted and shared, which is whole idea in the first place.
Just my $.02
as hard as it is to manage this problem, imagine how hard it must be to operate a search engine.
here is my idea (which i am sure is unoriginal and dumb in some way)
what if the posted url only became an active link and links in the comments only became active after they were confirmed by a blog admin?
the comments could still show the same and frequent contributors could also be given a pass of some sort to not require every post be confirmed
this would still allow the open and instant feedback, but would rot away all of the value of comment spamming.
a followup on how i think it would be best to do my post idea...
i know nothing about coding, but search engines do not generally follow java.
perhaps the comment sig and links could be active in java off the start and then have the java removed once the comment or author was confirmed on that blog by a blog admin...
thus the spontenaity and fast feedback loops remain, and only the spam value is removed.