Signing comments on blogs
22nd July 2003
Adrian Holovaty has implemented reserved comment names in his blog, a feature that prevents anyone apart from him from using the names “Adrian”, “Adrian H.” or “Adrian Holovaty” when posting a comment. François Nonnenmacher suggests extending the idea to allow people to “confirm” their authorship of comments on any blog using a TrackBack sent to their site that in turn causes them to be sent an alert email, which they can then use to confirm their comment. I like his idea of authentication based on URLs (email addresses are no good; they should not be publicly displayed for fear of spam harvesters) but I think I’ve come up with an alternative authentication scheme that removes the need for the user to manually confirm authorship. This is pretty complicated, so bear with me.
- The comment author enters their comment into a form on the site. They see a standard icon indicating that the blog in question supports comment signing. Rather than manually entering their name and URL, they activate a bookmarklet that they have previously added to their browser.
- The bookmarklet fills in the name and URL fields for them. It also takes the comment, appends a secret key (stored in the bookmarklet) and finds the MD5 hash of the new string, using the JavaScript MD5 library. It inserts this hash into a hidden field in the comment form.
- The user can now submit the new comment. That’s all they have to do.
- The weblog server now kicks into action. If the comment has not been signed (there is no hash in the hidden field) it adds the comment normally, noting that it should be displayed as an “unsigned” comment on the comments page. End of story.
- If it has been signed, the server has some work to do. First it must start loading the URL indicated by the user on the comment form. It is looking for a <link rel="signature"> element, which will provide the URL of a signature authenticating web service. If the </head> tag is reached, the system can assume the link element does not exist and can mark the comment as “unsigned”.
- If the web service is found, the server can now send it the comment and the user’s site URL. The web service (which knows the user’s secret key) will respond with a hash created in the same way as the one constructed by the bookmarklet.
- If the hash returned by the web service matches the hash provided by the bookmarklet, the comment is considered “signed”. The server can store it as such, and later display it with an icon or style that indicates it is a signed comment. If they do not match, the server can either store the comment as “unsigned” or even flag it as “untrusted”, since it was incorrectly signed.
As you can see, it’s a relatively complicated system. The comment authors must have a custom bookmarklet and add a tag to their home page indicating their authenticating web service URL. Note that they do not need to host the authentication web service themselves—they can instead point to one run by someone else who they trust (trust here is essential as the web service must know the user’s private key). Meanwhile, the blogging system needs to be able to perform HTTP requests.
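The server-side steps above, written out as an added Python example (not code from this post or any prototype of it). The names `sign`, `classify` and `service`, the sample pages and the secret are all constructed for illustration, and the HTTP calls to the author's site and signing service are replaced by in-process stand-ins so it runs offline.

```python
import hashlib
import hmac
from html.parser import HTMLParser

def sign(comment, secret):
    """Hash as described in the post: MD5 of the comment with the secret appended."""
    return hashlib.md5((comment + secret).encode("utf-8")).hexdigest()

class SignatureLinkFinder(HTMLParser):
    """Finds <link rel="signature" href="..."> and ignores anything after </head>."""
    def __init__(self):
        super().__init__()
        self.service_url = None
        self.head_closed = False
    def handle_starttag(self, tag, attrs):
        if self.head_closed or self.service_url or tag != "link":
            return
        a = dict(attrs)
        if "signature" in (a.get("rel") or "").lower().split() and a.get("href"):
            self.service_url = a["href"]
    def handle_endtag(self, tag):
        if tag == "head":
            self.head_closed = True

def find_signature_service(html):
    finder = SignatureLinkFinder()
    finder.feed(html)
    return finder.service_url

def classify(comment, site_url, submitted_hash, page_html, ask_service):
    """Return 'signed', 'unsigned' or 'untrusted', following the steps in the post.
    ask_service(service_url, comment, site_url) stands in for the web service call."""
    if not submitted_hash:
        return "unsigned"                      # no hash in the hidden field
    service_url = find_signature_service(page_html)
    if service_url is None:
        return "unsigned"                      # </head> reached without the link
    expected = ask_service(service_url, comment, site_url)
    supplied = submitted_hash.strip().lower()
    # Constant-time comparison, on bytes so non-ASCII input cannot raise TypeError.
    if hmac.compare_digest(expected.encode(), supplied.encode()):
        return "signed"
    return "untrusted"                         # a hash was supplied but is wrong

# Constructed sample data (not from the post).
SECRET = "example-secret"
SITE = "https://author.example/"
PAGE = '<html><head><link rel="signature" href="https://sig.example/verify"></head></html>'
PAGE_NO_LINK = '<html><head></head><body><link rel="signature" href="https://x.example/"></body></html>'
def service(service_url, comment, site_url):
    return sign(comment, SECRET)               # stand-in for the remote signing service
```
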
The key advantage of my system is that, being based on MD5, it is relatively easy to implement (as opposed to a system based on something like PGP). Provided no one points out any immediate flaws, I would happily construct a prototype in PHP. I’m sure a Perl implementation for Movable Type users would not prove much of a challenge to any talented plugin author.
Security-wise, it strikes me that the weakest link is the client-side bookmarklet which comment authors would need to use. However, comment signing is not the most critical security application in the world and comment authors could easily change their password by updating their bookmarklet and alerting their signature web-service provider (which could even be themselves) of the change.
And if the signature idea doesn’t win any favour, the idea of having a bookmarklet to fill in your name and URL in blog comment forms is one I’ve been meaning to share for some time.