From: Mike Fletcher <fletch@ain.bls.com>
Date: Fri, 9 Feb 1996 00:44:30 +0800
To: cypherpunks@toad.com
Subject: Re: [CODE] Signing Web Pages
In-Reply-To: <199602081016.FAA05219@dal1820.computek.net>
Message-ID: <9602081608.AA08594@outland>
MIME-Version: 1.0
Content-Type: text/plain



[ Ed's PGP signer deleted ]

	Neat script.  I had an idea for verification of pages using a
Java applet.  You have in the signed page an applet tag that would
reference the authenticator applet (which because of security restrictions
would need to be loaded from local disk, but . . .).  The applet would
get the URL of the current page and save it to disk.  It would also grab
the signature (either by just appending ".asc", or with something processed
by Ed's script by searching for the key phrase).  The applet then runs
PGP and verifies the page and pops up a window with the results.  It would
then tell the browser to re-read the verified document from the local
filesystem.

	There are a couple of problems (i.e. you'ld need to provide an
applet from the server that would put up a pointer to where to get your
copy of the real authenticator applet and how to install it), but does
anyone see any other problems with it (Aside from it being a mega 
kludge :)?  And does anyone know when PGP 3.0 is out so that a Java
wrapper could be put around the library to make it even easier? :)

	What do you think, sirs?

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------