I want to participate as a student in this years summer of code. My project idea is encrypt rss feeds. I have been researching on this idea for quite some time. This idea was originally proposed here http://drupal.org/node/237628.
ABSTRACT: Creating a module that authorizes a user to view feeds behind a login and encrypt them for secure transmission. As of now no reader on the web provides this interface. This can be very useful for websites that want only a particular group of people to view a particular set of feeds but not all. Also could be useful for blogging and social networking.
IMPLEMENTATION: My idea is to have a token based authentication system, for giving access to the users and using a PKI for key exchange and a symmetric encryption system for providing confidentiality of the feeds. The secure RSS feeds are provided as a web service.
DISCUSSIONS: I have tried to exactly pin point advantages of secure RSS feeds. The discussion is herehttp://security.stackexchange.com/questions/26606/why-would-someone-want-to-encrypt-rss-feeds.
As I have said my inspiration came from TokenAuth, the present TokenAuth module isnt helpful for authentication because, the same token is used multiple times, this is insecure because it is vulnerable to replay attacks. This discussion can be found here: https://security.drupal.org/node/82228. So this prompts us to create a more secure tokenauth system.
I have also tried before to create a module for this, in my sandbox here:http://drupal.org/sandbox/AnuroopKuppam/1895988. This as a matter of fact is a design failure, I am working on a more feasible and secure system.( Thats why this sandbox doent contain any code).
Some people might argue that using HTTPS might solve the problem, but it wouldnt. This is because we are providing secure rss feeds as a web-service and as I have said before this module will be very helpful for bloggers and bloggers unfortunately wouldnt use https. The W3C actually mentions a special way for xml encryption for this very reason.
I WANT YOUR INPUTS REGARDING this IDEA, and WHETHER ITS WORTH pursuing this goal.
Details: I am an sophmore at Dhirubhai Ambani Institute for Information and Communication Technology(DAIICT) India, and a researcher at the Network Security and Cryptography research Lab @DAIICT. Although my experience with drupal is quite less, I have been here only for a few months, but managed to become the maintainer of some modules like the AES module.