Encrypt RSS feeds

bobbyaldol

The discussion here http://groups.drupal.org/node/9719 contains a great idea: to encrypt RSS feeds of private posts. But the discussion there has been dead and not updated for quite some time.
This says that "
Overview: With Encrypted RSS/Atom feeds, buddylist-like features become possible cross-site. The project would be to develop a module which generates and consumes syndicated feeds, where reading them is only possible behind a login.

Details: With all of the social networking sites these days, decentralized ways of connecting across communities are still being developed. One thing that's impossible now is sharing private blog posts with someone outside of your group. This project touches on social networking, encryption, both of which are fascinating.

Drupal is a perfect platform for this, because of the wide use across micro-communities. With this module, two separate bloggers that use Drupal should be able to share their private posts with each other without necessarily requiring a user name.

With this in place, future directions could lead to browser plugins which decrypt these feeds/microformats on a page with public keys."

Comments

A solution that I have in my mind.

bobbyaldol

I only had one thing in mind while thinking about this: how would two bloggers using Drupal be able to share their private posts?

There are basically two main problems:
1. How to authenticate the blogger for private posts?
2. After authentication, the blogger will receive the private data, but we want the data not to be decrypted by the aggregator. One reason for this is that the feeds are stored in the database. One hack of the database by an adversary and the whole private information is flooded all over the internet. So the key is to store the feeds in the encrypted form itself in the database and decrypt them using JavaScript whenever the user is viewing them.

So this module provides for a token-based authentication system. (I still haven't figured out how to implement it.)
Once the user has been authenticated, the blog providing the service asks for the public key of the user. Once the public key is obtained, it is then used to encrypt the secret key that will be used for the feed transmission only for this time. The encrypted key is received by the client, decrypted using their private key, and then the key is stored. The client sends an acknowledgement back, and the service-providing blogger then encrypts the feeds using the shared secret (I am thinking of an AES encryption system). Once the RSS tagged with "encrypted" is received, it is picked up by the JavaScript running in the browser (nothing but AES in JS). The decrypted message is then displayed.

So even if the feeds are transmitted over an insecure channel (without SSL), the data is secure.
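
The exchange described in the comment above, as an added example that is not part of the original post or the sandbox module: the subscriber's public key wraps a per-feed AES key, and items stay encrypted in storage until view time. It runs on Node's built-in crypto module; the function names, RSA-OAEP key wrapping and AES-256-GCM mode are assumptions (the post names only AES), with GCM chosen so that an item altered in transit or in the database fails to decrypt.

```javascript
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Subscriber: key pair whose public half is given to the publishing blog.
function makeSubscriberKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Publisher: fresh AES-256 session key, wrapped with the subscriber's public key.
function wrapSessionKey(publicKey) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const wrapped = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrapped };
}

// Subscriber: recover the session key with the private key.
function unwrapSessionKey(privateKey, wrapped) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Publisher: encrypt one feed item; this object is what the aggregator stores.
function encryptItem(sessionKey, xml) {
  const iv = nodeCrypto.randomBytes(12); // must be unique per item under one key
  const c = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ct = Buffer.concat([c.update(xml, 'utf8'), c.final()]);
  const b64 = (b) => b.toString('base64');
  return { iv: b64(iv), ct: b64(ct), tag: b64(c.getAuthTag()) };
}

// Subscriber: decrypt at view time; null means wrong key or modified item.
function decryptItem(sessionKey, item) {
  const bin = (s) => Buffer.from(s, 'base64');
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, bin(item.iv));
    d.setAuthTag(bin(item.tag));
    return Buffer.concat([d.update(bin(item.ct)), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample item run through the whole exchange.
function demo() {
  const { publicKey, privateKey } = makeSubscriberKeys();
  const { sessionKey, wrapped } = wrapSessionKey(publicKey);
  const clientKey = unwrapSessionKey(privateKey, wrapped);
  const stored = encryptItem(sessionKey, '<item><title>Private post</title></item>');
  return { stored, viewed: decryptItem(clientKey, stored) };
}
```

The wrapped key is only as trustworthy as the public key it was encrypted to, so the key has to reach the publisher over an authenticated path.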

Sandbox for the module

bobbyaldol

I have created a sandbox for the module here: http://drupal.org/sandbox/AnuroopKuppam/1895988
Any more ideas and views regarding this, please leave them in the issue queue.
