On 9/13/15, Purodha Blissenbach <[email protected]> wrote: > In a discussion in the German Pirate Party the idea came up that we > might want to have cryptographically signed wiki pages. > I could not find that this has been implemented already anyhow. > > Thus, can we develop an extsion which provides cryptographically signed > wiki pages? > > A brief and preliminaly scetch would mean that any user who provides a > matching public key could sign any existing page. > Before a page + signature is saved, the signature is checked for > vadility. > Editing a siged page is possible without resigning it. > There must be a page display allowing to copy+paste the page with > signature for external verification. > Therre should be a button triggering the verifivation via an external > online service. > Maybe signature display of signed pages should be suppressable. > Any numer of independent signatures must be possible to a page. > > Does that make sense? Anything vital forgotten? > > Feedback welcome. > > Greetings -- Purodha > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Sounds like the sort of use case that would be well-adapted to ContentHandler. Whether or not this is a good idea depends on what sort of security goals you have in mind. Some thoughts *Key distribution: Can just anyone sign any page with any key? How do you communicate to the user if the signature is worth anything? Will some association be made between user accounts and public keys? *Intent of signature: You may want to have some way to specify what the intent of the signature is - Is the signer agreeing with the document? agreeing to be bound by the document? asserting that they have reviewed the document for factual accuracy? * "Therre should be a button triggering the verifivation via an external online service" Well probably a good idea, keep in mind - if you don't trust the local server, why would you trust that one of its links go to the legitimate external server, etc. -- bawolff _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
