-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Marc" == Marc Kneppers <marc @
Marc> You could sign the page with a public/private key signature and
Marc> then at least if people saw your info on a different web site,
Marc> they could grab your public key and check from the signature
Marc> that the info hadn't been altered (my understanding of these
Marc> types of signature is that the signature contains some
Marc> combination of your private/public key and a checksum of the
Marc> data - so only the person possessing the private key can create
Marc> the signature and the file checksum could be verified with the
Marc> public key).
This is really the best way to handle "secure" information, such as
prices, etc., that you don't want someone to be able to altar (and not
be able to prove the altaration is a fake) - even once it's on their
client. For an excellent of how digital signatures work in a public
key crypto system, see Schneier's book "Applied Cryptography,"
published by Wiley.
Now, incorporating the signature could get slightly tricky; you've
basically got two options:
1. Sign the entire HTML file or whatever part you want to protect,
putting the signature in a seperate file. (This would allow you
to have functional markup, etc.)
2. Sign a section of your page (price list, etc.), leave the
signature on the page, and slap <pre> and </pre> tags around the
signed part of the message and signature so the browser won't
screw around with the spacing (which will cause the signature to
not check out correctly.)
ViaCrypt PGP can be used for this purpose (it's only like $500) and
would actually be optimal - given what's available today - since just
about every paranoid has PGP, and everyone who doesn't can get it free
for their own use.
Check them out:
Oh, one other thing... you'll need to make sure that your public key
is sitting somewhere highly visible on your server so that people can
easily get it. You might want to consider putting it into the PGP
keyservers as well.
C Matthew Curtin [AT&T|Bell] Labs Internet Gateway Applications Group
http://www.att.com/homes/matt_curtin.html PGP OK cmcurtin @
-----BEGIN PGP SIGNATURE-----
Comment: Have you encrypted your data today?
-----END PGP SIGNATURE-----