Re: signature/encryption tags -> follow-up

Christian Mogensen (mogens@CS.Stanford.EDU)
Mon, 10 Apr 95 18:49:48 EDT

What you are really proposing here is not really HTML, but some other
media type, something like application/pgp-signed-document, or
more appropriately, a transfer encoding of pgp-signed-document
which the user agent automatically decodes according to its local
rules (in .mailcap on unix).

By using an encoding type, I can send a text/html or an image/gif and
still use the same transfer and verification machanism.

In other words: yes, pgp may very well be used to check signatures on
HTML documents, but pgp has its own mechanisms for doing this - and
HTML should not adopt them in favor of some other mechanism.

A browser has to integrate crypto support if it is to take
advantage of it - and if you are going to integrate support for crypto
into the browser anyway, why use something as arbitrary as PGP's encoding?
Why not actually use a more general mechanism?

Philip Trauring writes:
> As I am new to this list I was wondering how I insure my proposal for
> signature and encryption tags be added to HTML is discussed further by the
> working group. Even if the signature capability is the only one implemented
> at this stage that's fine, but I'd like to see it done. It certainly will
> fill a hole in WWW security at the moment.

As someone else noted earlier, the signature role can be dealt with by
expanding the use of the MD attribute to apply to all containers in
HTML, so you could say
<BODY MD="opaque-md5-hex-string">
stuff that is digested goes <B>here</B>

To verify:
compute the MD5 of the text between <BODY> and </BODY>, and compare with
the stored value.

As to whether HTML should be laden down with a lot of cryptography - I
think the answer is no. HTML is a markup language, not a keyring format
or a cryptography application. Cryptography applications may manipulate
HTML, but I think that is outside the scope of the HTML specification
beyond the minimum tags needed to support them (i.e. the MD attribute and
possibly a defined LINK name to refer to the public key of the author).

Christian "webhead <*>"