NNSquad - Network Neutrality Squad
[ NNSquad ] Re: [ PRIVACY ] Would You Know if Your ISP Tampered With Your Web Pages?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Kevin McArthur wrote: | [ A couple of issues. First, while RFC 1864 states that only the | originator is supposed to create such headers, in a non-encrypted | environment there is no obvious way to enforce this rule, absent other | mechanisms. Therefore, header substitution would still be possible,
Well, I created mod_openpgp (apache extension) and a firefox plugin (enigform) that implement some OpenPGP extensions to http...
When I hit version 1.0.0 for both mod_openpgp and enigform, I'll have this complete set of features:
1) OpenPGP-signed requests (functional) 2) OpenPGP-signed responses (not started yet, been working on item 4) 3) Browser and Server-side verification of those signatures (server-side implemented) 4) An OpenPGP-based session management system (already functional, some apache functionality is still missing, but mainly because I'm working on another project right now) 5) Encrypted requests/responses (server-side support for encrypted requests is 90% done, thanks to Kevin Kiley [author of mod_gzip]).
I know it's not perfect for every scenario, but well, I woke up one day in the middle of the night with with "GET /" and "BEGIN PGP" on my head, so I had to implement it :P
- -- Arturo "Buanzo" Busleiman BUSCO Baterista para estilo brit-pop Zona Norte BsAs Independent Security Consultant - SANS - OISSG http://www.buanzo.com.ar/pro/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHgrRCAlpOsGhXcE0RCqRVAJ0Wius5KkQpLRZg+XnQZQrksZVl2gCcD1+K vwsitwLKFpy2IGswkYXscko= =Ituj -----END PGP SIGNATURE-----