intertwingly

It’s just data

Agile Financial Publishing


Tim Bray: Why Digital Signature? · This idea was first proposed by James Snell, and it’s a good one.  Mind you, the benefits are a little bit theoretical, since no feed-reading clients that I’ve seen actually check a digital signature.  The argument for this is similar to that for TLS; a bad guy who could somehow insert a fake press release into the feed could make zillions by gaming the share price.  A verifiable digital signature would let someone reading the feed know that the news in it really truly did come from Sun.

From busted to valid to best practices, all in a little over ninety days.  Kudos.

One can find code for creating and verifying digital signatures using Abdera on DeveloperWorks.  There also is an xmlsec1 command.

Once there is an actual feed deployed using digital signatures, I will enhance the feed validator to both verify the signature and to update the UI to indicate that the feed contains valid signatures.  I will also update both the Universal Feed Parser and Venus to deal with same, after all what use is it to sign a syndicated feed if the signature doesn’t survive syndication?