Silly idea: "private comment" feature to let users write comments visible only to the post author #6
Comments
|
The obvious security hole could be mitigated somewhat by serving OpenPGP.js and using that to encrypt the comment content client-side before form submission. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Not sure if this will be widely used, and ignoring for a moment the obvious security hole in the scheme, it might be fun to let blog commenters tick a box ("Private comment" or something) that will trigger, upon receipt of the comment, the plugin to encrypt the comment content to the public key of the post author, if available. In fact the "Private comment" checkbox should only exist of the post author has a public key in their profile.
No, this will not solve the issue where the plaintext is still transmitted and received by the server, but that's why this is a "silly idea." It would, however, give users the ability to leave a comment in a way that is not visible to the other readers of the post. Why not write the author an email? Maybe the author's email is not known to the reader. shrug
It's a silly idea, but easy to implement and could be a fun flourish for nerds and/or a way to expose non-technical people to seeing a raw PGP message block on the Web a bit more often.
The text was updated successfully, but these errors were encountered: