Wednesday, February 14, 2007

No "L" (no love?) in Google's St Valentine's Logo

6.50am. Saint Valentine's Day. The day of Lovers. Oh yeah :P

As usual, I fired up Firefox and went to google.com.ar (yes, I'm from Argentina, but that was pretty obvious already). My wife noticed something weird with the Google Logo for this "Special" Day: It says Googe! That doesn't sound like the slang for Love in some obscure American dialect. Sounds more like an artistic mistake. Actually, I think the "L" is there, but it's just very badly designed.

Anyway, take a look at the logo. It's there on www.google.com - but, as soon as this day is over they're gonna replace it with the standard Google Logo, that's why I saved the St. Valentine's 2007 Logo without "L" here.

Yes. I know. This has nothing to do with consulting, Linux, programming... but what the hell!

Yours,
Buanzo

posted by Arturo 'Buanzo' Busleiman @ 1:50 AM  

Wednesday, February 07, 2007

OpenPGP Signing of HTTP POST - Introducing Enigform

For years different methods for User Authentication and Session Management have been implemented:

  • HTTP Authentication
  • Cookies
  • GET/POST values
  • SSL Certificates
  • A combination of all the above.

Regarding SMTP, e-mail has been digitally signed for a long time now, and it is a standard. Extending its usage to the HTTP protocol sounds like a natural idea.

By having the POST payload ("variable=test") signed with an ASCII-armored OpenPGP clearsign procedure, the browsing user can provide identity authentication for that payload, thus adding all OpenPGP benefits to the HTTP POST request.
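What a receiving server has to do with such a payload before trusting it, as an added example that is not Enigform's code: it splits a clearsigned body following the cleartext signature framework of RFC 2440 and reads form variables only from the text the signature covers. It assumes the request body is the whole clearsigned message (the post does not say how Enigform carries the signature), and `verify` is a hypothetical callable, for instance a wrapper around GnuPG, that performs the actual OpenPGP check.

```python
from urllib.parse import parse_qs

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"

class ClearsignError(ValueError):
    """The body is not exactly one well-formed clearsigned message."""

def split_clearsigned(body):
    """Return (hash_names, signed_text, armored_signature)."""
    lines = body.replace("\r\n", "\n").strip("\n").split("\n")
    # Anything before the header or after the signature is not covered by it.
    if lines[0] != BEGIN or lines[-1] != SIG_END:
        raise ClearsignError("unsigned data around the clearsigned message")
    if lines.count(SIG_BEGIN) != 1 or lines.count(SIG_END) != 1:
        raise ClearsignError("expected exactly one signature block")
    sig_at = lines.index(SIG_BEGIN)
    # Armor headers run up to the first empty line; only "Hash" is allowed.
    i, hashes = 1, []
    while i < sig_at and lines[i] != "":
        name, sep, value = lines[i].partition(": ")
        if name != "Hash" or not sep:
            raise ClearsignError("unexpected armor header: " + lines[i])
        hashes += [h.strip() for h in value.split(",")]
        i += 1
    if i >= sig_at:
        raise ClearsignError("missing empty line after armor headers")
    text = []
    for line in lines[i + 1:sig_at]:
        if line.startswith("- "):
            line = line[2:]              # undo dash-escaping
        elif line.startswith("-"):
            raise ClearsignError("unescaped dash line in signed text")
        text.append(line.rstrip(" \t"))  # trailing blanks are not signed
    return hashes, "\r\n".join(text), "\n".join(lines[sig_at:])

def signed_form_fields(body, verify):
    """Form variables taken only from signed text, and only if verify(body) is True."""
    _, text, _ = split_clearsigned(body)
    if not verify(body):  # hypothetical OpenPGP check supplied by the caller
        raise ClearsignError("signature did not verify")
    return parse_qs(text, strict_parsing=True)

# Constructed sample; the signature block is a placeholder, not a real signature.
SAMPLE = "\n".join([BEGIN, "Hash: SHA1", "", "variable=test", SIG_BEGIN,
                    "", "Q09OU1RSVUNURUQ=", SIG_END, ""])
```

The point of the strict framing checks is that a form parser run over the raw body would also accept variables placed outside the signed region, which the signature says nothing about.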

And that's exactly what I've been doing. I've created the Enigform Firefox Extension which, when you go to an Enigform-enabled website, will digitally sign your POST requests using your local GnuPG keypair.

Currently the Extension works on any Unix-like platform where GnuPG is available (and set up), but OSX, Solaris and MS Windows compatibility code is under way.

Here is the abstract of the document linked in this post:

This document describes an extension to the HTTP POST [RFC 2616] method that, along with compatible browser and server-side software, allows the POST contents to be digitally signed, on the client side, and verified, on the server side, by means of an OpenPGP standard [RFC 2440] implementation on both sides. This allows web developers to add a new layer of security to their applications, and if correctly implemented will render data tampering / man in the middle attacks useless. The direct benefit of implementing this extension is that web developers will be able to verify the POST payload signature, potentially avoiding session management, and/or login procedures.

Go to http://www.buanzo.com.ar/sec/enigform.en.html and check out the progress. I'll have a demo website asap.

posted by Arturo 'Buanzo' Busleiman @ 6:26 AM  