SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests
AoC Candidate: Arturo Busleiman (a.k.a Buanzo)
Project coordinator: Dinis Cruz
Project Progress: 70% Complete, Progress Page
Buanzo -Firefox Addon (Enigform) and Apache Module (mod_openpgp) to extend HTTP with OpenPGP capabilities
Arturo "Buanzo" Busleiman
I am a 25 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of information systems security since 1994, when BBSes and Linux still lived together.
A quick search for buanzo on google  will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile..
In my free time I like playing with my Punk-Pop band , Futurabanda. , and maintaining my Restaurants, Wines and Recipes site. . I have to admit that my first priorities are my beloved son  and my wonderful wife .
I've contributed scripts, fixes and translations to the Nmap project. I've also acted as Expert Contributor for SANS TOP-20 2004, 2005 and 2006. I've developed tools that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 . I'm currently writing an Internet Draft to be proposed for RFC named "OpenPGP Extensions to HTTP".
I "run" the 2600 meetings site for Argentina , I've been proposed, but I refused, for President of the Argentinian Free Software group called SOLAR [www.solar.org.ar]. I'm an active member of the FLOSS community since 1996, having written articles in magazines http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt, made TV, radio and newspaper appearances  and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs, answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina .
Enigform  is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs and/or encrypts outgoing HTTP requests so that a web server can authenticate the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented as any OpenPGP based technology, render man in the middle attacks useless. I think OpenPGP already speaks for itself regarding eMail. Imagine the same benefits for http and web applications. I think Enigform can fit into the OWASP Validation Project .
Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group.
Some simple PHP code is enough to make a web application Enigform-aware . The Smutty PHP MVC Framework already supports Enigform , but the best approach is to use the Apache module I'm writing, called mod_auth_openpgp (which will be renamed to mod_openpgp as it evolves).
Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in MS IIS, and port Enigform to other browsers and/or programming languages, and also provide OpenPGP De/Encryption support.
Why should I be selected
I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the international security community, and I firmly believe Enigform is my greatest idea so far.