A blog site

This blog specifies how Eccentric Authentication can be used to design
a blog site. The most impressive aspect is that we can create a blog
site that allows anyone to blog using a pseudonym. Even the site
operators cannot learn the real identity of the blogger.

Commenters can write either anonymously or under a pseudonym.

We also show how participants can write private messages to each other,
again without any third party being able to read the contents of the
messages.

We will address how to deal with trolls, spammers and other abuse.

Sign up for a blog

People can sign up for our blog site with an Ecca-account. As with
every Ecca-account, you choose your username. Your browser generates a
private key for the account and requests a certificate. When your
chosen username is still available at the site, you get the
certificate that binds the username to your public key. The signature
from the site binds it to the blog site.

The certificate is used by the site to control access to your blog.
This means that only you can write on your blog.

Writing your blog entries

Unlike ordinary blog sites, this one publishes only cryptographically
signed data. When you want to write a blog entry, you start your web
browser, type your text and have your browser sign it with your
private key. Then you send it to our blog site for publication.

The site verifies your signature and, if that succeeds, adds your
message and its signature to the blog. Under the hood it looks like
this:

<blog_entry><title>A sunny afternoon</title>
   <body>It was a sunny afternoon, time for a beer when .... happened.
         I loved it.</body>
   <signature id="your-username" algorithm="sha256">[long hexadecimal string 
     representing the cryptographic signature of above message, signed 
     with your private key]</signature>
</blog_entry>

The readers will – of course – see a nicely formatted blog entry
with the signature string hidden, thanks to the wonders that is CSS.

Your readers’ browsers, on the other hand, will check the signature.
They fetch your certificate from the site and validate the signature
against your public key in the certificate.
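The sign-and-verify round trip described above, as an added example (not code from the Eccentric Authentication project). It assumes Node.js, ECDSA P-256 keys, a JSON array as the signed byte form, and a hypothetical `certs` map standing in for the certificates fetched from the site; none of these are specified on the page.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// Assumed canonical form (the page does not define one): a JSON array, so the
// boundary between title and body is part of what gets signed.
function signedBytes(entry) {
  return Buffer.from(JSON.stringify([entry.title, entry.body]), "utf8");
}

// Author's browser: sign the entry. The result mirrors the page's
// <signature id="..." algorithm="sha256"> element.
function signEntry(entry, username, privateKey) {
  const value = sign("sha256", signedBytes(entry), privateKey).toString("hex");
  return { ...entry, signature: { id: username, algorithm: "sha256", value } };
}

// Site and readers: find the public key for the signature id, then verify.
// `certs` is a hypothetical Map of username -> public key standing in for the
// certificates fetched from the site.
function verifyEntry(signed, certs) {
  const publicKey = certs.get(signed.signature.id);
  if (!publicKey || signed.signature.algorithm !== "sha256") return false;
  const sig = Buffer.from(signed.signature.value, "hex");
  return verify("sha256", signedBytes(signed), publicKey, sig);
}

// Constructed demo data: two accounts with freshly generated keys.
const author = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const other = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const certs = new Map([
  ["your-username", author.publicKey],
  ["someone-else", other.publicKey],
]);
const published = signEntry(
  { title: "A sunny afternoon", body: "It was a sunny afternoon, time for a beer." },
  "your-username", author.privateKey);

console.log("original verifies:", verifyEntry(published, certs));
console.log("edited body verifies:", verifyEntry({ ...published, body: "Edited" }, certs));
```

Signing a structured encoding rather than the plain concatenation of title and body means that moving text from one field to the other also invalidates the signature.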

Writing comments

Readers can leave comments. It’s a blog, so comments are
expected. There are two kinds of comments:

  • anonymous comments;
  • pseudonymous comments.

The anonymous comments are written by people that love to read your
blog but don’t want to leave any identity when responding.

The anonymous comments can be held back for publishing until you
approve them. Or you can allow them up front and you delete them when
you disapprove. How these comments are dealt with is totally up to
you. It’s your blog. If you disagree with an already published
anonymous comment you can delete it any time.

Writing a pseudonymous response requires an Ecca-account. When a
reader wants to write a comment under a pseudonym, he registers for an
Ecca-account at our blog site before he can write. Then his browser
signs the comment with his private key and delivers it to the blog
site. The site validates the message signature against his
certificate and posts the comment on the blog.

As the comments are signed with the commenter’s private key, just like
blog entries are, the other blog readers can validate the
signature. When that signature is valid, the readers have linked your
public key and your Ecca-identity to the message.

When writing under a pseudonym you can establish a reputation where
others may recognise your nickname, even though they don’t know your
real name.

Scoring

There is a difference between anonymous and pseudonymous
commenters. Anonymous commenters know their status. Their messages
need approval upfront and face deletion any time.

The blog-site keeps track of a reputation score. For every comment you
write that gets published, you score a reputation point. At first,
your messages are held back for vetting by the blog owner.

When you acquire a certain number, say 5 points, your future messages
will be published without pre-approval of the blog owner, while still
scoring points.

When your messages get flagged as spam by the blog owner, you lose
half your points. It’s the electronic version of trust that comes by
foot and leaves by horse. It’s more difficult to gain trust than it is
to lose it.

With a reputation management scheme such as this, we can keep the
spammers and trolls at bay.
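The scoring rules above as a small moderation model, added here as an example (not the site's own code). The class and method names are hypothetical, anonymous comments are modelled as always held for approval, and halving rounds down; the threshold of 5 is the page's "say 5 points".

```javascript
const AUTO_PUBLISH_AT = 5; // "say 5 points" in the text

class Moderation {
  constructor() {
    this.points = new Map(); // pseudonym -> reputation score
  }

  score(user) {
    return this.points.get(user) || 0;
  }

  // user === null models an anonymous comment (assumption: always held).
  submit(user, text) {
    const comment = { user, text, state: "held" };
    if (user !== null && this.score(user) >= AUTO_PUBLISH_AT) this.publish(comment);
    return comment;
  }

  // Called on auto-publication and when the blog owner approves a held comment.
  // Every published pseudonymous comment earns one point.
  publish(comment) {
    if (comment.state === "published") return;
    comment.state = "published";
    if (comment.user !== null) this.points.set(comment.user, this.score(comment.user) + 1);
  }

  // Blog owner flags a comment as spam: it is removed and the author loses
  // half of the points (rounded down, an assumption).
  flagSpam(comment) {
    comment.state = "deleted";
    if (comment.user !== null) {
      this.points.set(comment.user, Math.floor(this.score(comment.user) / 2));
    }
  }
}

// Constructed walk-through: five approvals unlock auto-publishing.
const site = new Moderation();
for (let i = 0; i < 5; i++) site.publish(site.submit("nick", `comment ${i}`));
console.log(site.submit("nick", "sixth comment").state, site.score("nick"));
```

A commenter who has just crossed the threshold drops back under it with a single spam flag, so the next comments go through vetting again.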

Private messaging

What we do differently than other sites is that we publish your
message together with the signature and a way to obtain the
certificate. It allows your browser to validate the signature and it
ties your public key to the message.

With the public key, people can encrypt a message that only your
matching private key can decrypt. This is the basis for truly secure
private messaging.

Here’s how it works. A commenter writes a message in his browser. When
he’s finished writing, his browser signs it with his private key and
encrypts it with your public key. Then the browser drops the message
at our site’s drop box for delivery. The next time you log in, you
receive the message. Your browser decrypts it with your private key
and you can read it. As the message is signed, you can validate its
signature, and when that succeeds, you have the correct public key of
the person who wrote the message. That key also validates every other
message written by that person, so you now know the person’s “history”.

Using the same method, you can respond to the person.

Now that you’ve exchanged keys you can bootstrap any other security
protocol between you and the other.
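The sign-then-encrypt exchange described above, as an added example (not code from the Eccentric Authentication project). It assumes Node.js, RSA key pairs, and a hybrid scheme (RSA-OAEP wrapping a one-time AES-256-GCM key); the `seal` and `unseal` names and the `certs` map are hypothetical.

```javascript
const { generateKeyPairSync, sign, verify, randomBytes, createCipheriv,
  createDecipheriv, publicEncrypt, privateDecrypt } = require("node:crypto");

// Sender's browser: sign with the sender's private key, then encrypt the
// signed message to the recipient's public key. The drop box sees only this.
function seal(text, from, senderPrivateKey, recipientPublicKey) {
  const sig = sign("sha256", Buffer.from(text), senderPrivateKey).toString("base64");
  const inner = Buffer.from(JSON.stringify({ from, text, sig }));
  const key = randomBytes(32); // one-time AES-256 key
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(inner), cipher.final()]);
  const wrappedKey = publicEncrypt({ key: recipientPublicKey, oaepHash: "sha256" }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Recipient's browser: decrypt with the recipient's private key, then check
// the signature against the sender's public key (looked up in `certs`, a
// hypothetical Map standing in for certificates fetched from the site).
function unseal(msg, recipientPrivateKey, certs) {
  try {
    const key = privateDecrypt({ key: recipientPrivateKey, oaepHash: "sha256" }, msg.wrappedKey);
    const decipher = createDecipheriv("aes-256-gcm", key, msg.iv);
    decipher.setAuthTag(msg.tag);
    const plain = Buffer.concat([decipher.update(msg.body), decipher.final()]);
    const inner = JSON.parse(plain.toString());
    const senderKey = certs.get(inner.from);
    if (!senderKey) return null;
    const ok = verify("sha256", Buffer.from(inner.text), senderKey,
      Buffer.from(inner.sig, "base64"));
    return ok ? { from: inner.from, text: inner.text } : null;
  } catch {
    return null; // wrong private key, altered ciphertext or malformed message
  }
}

// Constructed demo data: a commenter ("alice") writes to a blog owner ("bob").
const alice = generateKeyPairSync("rsa", { modulusLength: 2048 });
const bob = generateKeyPairSync("rsa", { modulusLength: 2048 });
const certs = new Map([["alice", alice.publicKey], ["bob", bob.publicKey]]);
const dropped = seal("Loved your post.", "alice", alice.privateKey, bob.publicKey);
console.log(unseal(dropped, bob.privateKey, certs));
```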

Trust considerations

The trust requirements for this blog application are quite low. The
impact it has is quite large.

Anyone can read any blog and comment without having to log in. Anyone
can comment anonymously. Anyone can validate the blog entries against
the site’s CA-certificate.

Once you decide to open a blog, you implicitly decide that you trust
the site to run their Certificate Signer correctly. Still, you can
sign up without providing any personal details.

By writing signed blog entries you spread your public key and
certificate around. Other people can link that key to your
writings. At the same time, you can connect the public keys of people
that comment on your blog to their username and to their writings.

With the blog site providing the link between people’s writings and
their public keys, you can send encrypted messages to the other
people, knowing it can only be read by that person.

Effectively, the blog site acts as an intermediary to introduce
strangers to each other. All it needs to do is to check that usernames
are unique and publish signed messages.

If you are a blogger with your own blog at the site but you want to
blog under a different pseudonym on someone else’s blog, just create a
second, third or fourth Ecca-identity. Let your browser do the hard
part of making it easy for you to switch identities.