What part of an Entry should be signed?
OpenQuestion What part of an Entry should be signed?
-
Content
-
All elments and attributes
Motivation
-
Signing an entry ensures that it has not been modified by anyone other than the author. This is arguably as important as secure posting authentication.
-
Signing an entry assures the reader that a particular entry is made by specific author.
-
Signing the just the content is not enough, Since many people just read the title, I think the title should also be signed.
-
Some parts of the entry may be system generated and thus can not/ should not be signed by the author. Perhaps it should be the "server" that signs say "date posted","guid","the message sig", asserting that the signed content is posted at this time with this guid. Not that any of this should be "required" but it should be allowed for.
See discussion at Identity.
See also EntryAccountability, EntryEncryption, CommentAuthentication.