On Tue, Mar 10, 2009 at 3:27 PM, Chris Anderson <[email protected]> wrote:
> On Tue, Mar 10, 2009 at 9:01 AM, Brian Candler <[email protected]> wrote:
>> Inventing new cryptosystems is dangerous. Why not an OpenPGP armored
>> detached signature?
Does this hand-waving version of a signed document look like it could work?
{
"_id" : "89a7stdg235",
"_rev" : "1-26476513",
"signed-content" : {
"message" : "I said this and I meant it.",
"date" : "2009/04/09 15:54:08",
"author" : {
"name" : "J. Chris Anderson",
"url" : "http://jchrisa.net";,
"photo" : "http://jchrisa.net/profile.jpg";
}
},
"signature" : {
"content-hash" : "s7d23fiu7g34awb47e32rso7d54fn3sdf==",
"content-serializer" : {
"code" : "http://jchrisa.net/repeatable-json-0.2.2.js";,
"decimal-precision" : 4
},
"public-key" :
"5s2457d357f47io46u135h35as5df135oi235ugs4a35df57ou7y5g1s5d5f58ou1s3d4f==",
"signed-hash" : "h235h345h3147j23j35g1235344j3246h46jg3245j==",
},
"foo" : ["this content is not signed", "it's just here"]
}
I'll try to implement this in the next few weeks. The pseudo base64
above is just more hand-waving. Ideally I'd be compatible with other
implementations of GPG.
Anyone see any obvious flaws in the above?
As far as editing and history go, I think they are valuable, but I'd
rather leave them out of scope for the first round of what I write. I
think they can be added later without too much changes.
Chris
--
Chris Anderson
http://jchrisa.net
http://couch.io
![http://jchrisa.net/profile.jpg"](http://jchrisa.net/profile.jpg"){kind=link}