Public key cryptography wish list (by alaric)
I have opined in the past about how I'd like better support for public key infrastructure in applications and user interfaces, and a few ideas for how to generalise the signature infrastructure a bit, but I've since been accumulating even more things I think should happen to bring the benefits of strong public-key crypto to the masses.
I should be able to use a PGP key to sign my HTTP requests, as an HTTP authentication mechanism. For web apps that support it, the option of choosing a PGP key from my private keyring should appear on login boxes.
I mentioned before that I'd like to be able to sign blog comments and posts and other content I submit to web apps in text areas; but I feel like re-iterating it, and point out that this could be handled more neatly by having an extra HTML attribute on the <textarea> suggesting that it accepts signed content, thereby causing my browser to send a detached signature in the submission (as if placed in a second text area, whose name is the value of the attribute, but which does not need to actually exist as an HTML element) if I opt to take it up on the offer. That would be better than the hack recommended in my previous post.
Seamless support for signing all, or part, of a Web page, using an element wrapping the content which also refers to the signature (as a URI, or including it inline). For cases like where Markdown has been used to process the original entered content to make it into a Web page, the app should offer a link to the original content wrapped in the original signature; the app could have access to its own private key in order to sign the generated HTML as well, but that's orthogonal to the issue of the original author of the content signing it. Indicating to the user that a region of the page is signed needs to be done in a way that the page itself can't fake with CSS and JavaScript! Given the presence of canvas elements, this will presumably mean it has to involve some UI element outside of the rendering area of the web page - eg, in the browser toolbar.
Signing should really be the default state for files, messages sent via various means, etc - my user interface should be marking unsigned messages and files in red!
Public key management user interfaces should learn from Petnames, in order to provide a nice user interface while making impersonation attacks hard to do.
Seamless support for PGP-signed tar files. No need for a detached signature to download (it's in the tar file itself). Basically, I'd like to have tar able to detect a signed file and check the signature and seamlessly unwrap it to feed into the decompressor and then onto the actual tar file reading itself. This would be particularly pleasing, but in general I'd still argue for every app that reads a file to silently accept PGP-signed files without needing to explicitly unwrap them!
Needless to say, I am mulling infrastructure in ARGON to make public-key infrastructure an integral part of CARBON, and I'd suggest a Petname-based user interface for the management of entity IDs and CARBON global names!
ARGON, Crypto / security | alaric | 
Mon 1st Jul 2013 4:31 pm
Subscribe