Towards secure comments
From Dave to Ben to Bill to Justin to Eric, an idea is forming on how to do decentralized and secure comments. Stripping away all the implementation details here's the basics as I see them:
- Comments are digitally signed
- Recipient fetches proported sender's web page and discovers the key and followup policy
- Recipient provides selected comments and or blog entries based on validated policy
I like the idea of validating against something I can find in somebody's weblog. I'd also like to suggest that instead of sending back responses and presuming that the recipient is online, that I merely produce a personalized feed and leave it on my server to be fetched whenever the client desires.