funsec mailing list archives
Re: Blog Questions
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 26 Oct 2006 17:27:53 -0400
damn, there is no way to send out a plain text feed? why the hell do you need pretty pictures in a text only feed? stupid marketing department ;-)

On 10/26/06, Fergie <fergdawg () netzero net> wrote:
RSS is (unfortunately) only currently designed for convenience, not security.

Yes -- I know -- it will come back to bite us collectively. I've been saying this for a while.

JP: There are several existing "flavors" of RSS, including ATOM, RSS 0.9x and 1.0 (partial article), and RSS 2.0 (full article). Blogger, for example, offers on ATOM or RSS 2.0.

Believe it or not, I would suggest starting with the RSS Wikipedia entry, follow the links, and read the spec for each.

http://en.wikipedia.org/wiki/RSS_%28file_format%29

Cheers,

- ferg

-- "Dude VanWinkle" <dudevanwinkle () gmail com> wrote:

Greet'ins fellow Funsec'ers,

I recently signed up for my first blog, and as you all may have guessed its posts are lengthy, opinionated, and meandering. I was talking to Ryan about setting up an RSS feed, and while I don't know whether it will be XML or HTML, I do know that I would like a way to let my subscribers know that the items they receive are 1) from me and 2) secure.

I know there are many bloggers on this list so I thought I would try and pick your brains on blog server side initiated security.

1: Is there any way to put a cert on the feed and sign all posts published to the readers? It would be cool if I could push out the public key when people first subscribed and then encrypt the content when posting; having the RSS Client decrypt and verify the source with one swail foop.

2: Is there any way to send plain text rss feeds? This would lessen the attack vectors to subscribers just in case I got drunk and decided it would be funny to push out a thunderbird or outlook express exploit on the post.

Anyways, I am in the middle of Ms Dewey'ing for answers but I thought this also might make an interesting thread, so dammit, I am hitting the send button and there is nothing any of you punks can do to stop me!!

-JP<who is feeling a little too empowered by his blog>

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.