- From: Larry Masinter <LMM@acm.org>
- Date: Thu, 14 Aug 2003 00:32:49 -0700
- To: "'Tyler Close'" <tyler@waterken.com>, uri@w3.org
This specification doesn't make a lot of sense to me. Why again isn't this an extension to https? Why does it need its own scheme? You write "When interpreted by an HTTPSY-unaware client, etc. etc." but how can you give rules for what a client should do, if the client doesn't pay attention to the rules in this document? > -----Original Message----- > From: uri-request@w3.org [mailto:uri-request@w3.org] On > Behalf Of Tyler Close > Sent: Monday, August 11, 2003 8:39 AM > To: uri@w3.org > Subject: URI scheme listing for httpsy > > > > Please add a link for the httpsy URL scheme to: > http://www.w3.org/Addressing/schemes.html The specification for the httpsy URL scheme is: http://www.waterken.com/dev/YURL/httpsy/ Excerpt: > Waterken(TM) YURL > Authentication of TLS Upgrade Within HTTP/1.1 > > This specification defines a mechanism for authenticating an > HTTP server based on the hash of its public key, instead of a > trusted certificate from a certificate authority. > > Abstract > > Before sending a request to a resource identified by an httpsy > URL, a client MUST complete a mandatory upgrade to TLS/1.0. The > client authenticates the server by constructing a valid > certificate path to a certificate that is signed using a public > key whose hash matches that given in the httpsy URL. If you would like to learn more about the purpose of the httpsy URL scheme, start with the documentation tree rooted at: http://www.waterken.com/dev/YURL/ Thank you, Tyler -- The union of REST and capability-based security: http://www.waterken.com/dev/Web/
Received on Thursday, 14 August 2003 03:33:07 UTC