funsec mailing list archives

Re: Blog Questions


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 26 Oct 2006 17:27:53 -0400

damn, there is no way to send out a plain text feed? why the hell do
you need pretty pictures in a text only feed?

stupid marketing department ;-)


On 10/26/06, Fergie <fergdawg () netzero net> wrote:
RSS is (unfortunately) only currently designed for convenience,
not security.

Yes -- I know -- it will come back to bite us collectively. I've
been saying this for a while.

JP: There are several existing "flavors" of RSS, including ATOM,
RSS 0.9x and 1.0 (partial article), and RSS 2.0 (full article).

Blogger, for example, offers on ATOM or RSS 2.0.

Believe it or not, I would suggest starting with the RSS Wikipedia
entry, follow the links, and read the spec for each.

 http://en.wikipedia.org/wiki/RSS_%28file_format%29

Cheers,

- ferg


-- "Dude VanWinkle" <dudevanwinkle () gmail com> wrote:
Greet'ins fellow Funsec'ers,

I recently signed up for my first blog, and as you all may have
guessed its posts are lengthy, opinionated, and meandering.

I was talking to Ryan about setting up an RSS feed, and while I don't
know whether it will be XML or HTML, I do know that I would like a way
to let my subscribers know that the items they receive are 1) from me
and 2) secure. I know there are many bloggers on this list so I
thought I would try and pick your brains on blog server side initiated
security.

1: Is there any way to put a cert on the feed and sign all posts
published to the readers? It would be cool if I could push out the
public key when people first subscribed and then encrypt the content
when posting; having the RSS Client decrypt and verify the source with
one swail foop.

2: Is there any way to send plain text rss feeds? This would lessen the
attack vectors to subscribers just in case I got drunk and decided it
would be funny to push out a thunderbird or outlook express exploit on
the post.

Anyways, I am in the middle of Ms Dewey'ing for answers but I thought
this also might make an interesting thread, so dammit, I am hitting
the send button and there is nothing any of you punks can do to stop
me!!

-JP<who is feeling a little too empowered by his blog>


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

