Neither HTTP nor HTML offer easy ways of publishing signed web pages, e.g., signed with a GPG key, nor for clients (browsers) to check signatures. I suspect it can easily be added to HTTP.
It was a lost opportunity to widely deploy PKI.
Signed content is cannot easily be repudiated, which might not be desirable; one must live with what you said forever.
The motivation was for powerful institutions to always publish with a signature, making it possible to hold them accountable.
No comments :
Post a Comment