W3C home > Mailing lists > Public > uri@w3.org > August 2003

RE: URI scheme listing for httpsy

From: Larry Masinter <LMM@acm.org>
Date: Thu, 14 Aug 2003 00:32:49 -0700
To: "'Tyler Close'" <tyler@waterken.com>, uri@w3.org
Message-id: <002501c36236$480f63b0$faa52099@MasinterT40>

This specification doesn't make a lot of sense to
me. Why again isn't this an extension to
https? Why does it need its own scheme?

You write 

"When interpreted by an HTTPSY-unaware client, etc. etc."

but how can you give rules for what a client should
do, if the client doesn't pay attention to the rules
in this document?



> -----Original Message-----
> From: uri-request@w3.org [mailto:uri-request@w3.org] On 
> Behalf Of Tyler Close
> Sent: Monday, August 11, 2003 8:39 AM
> To: uri@w3.org
> Subject: URI scheme listing for httpsy
> 
> 
> 
> Please add a link for the httpsy URL scheme to:
> 
http://www.w3.org/Addressing/schemes.html

The specification for the httpsy URL scheme is:

http://www.waterken.com/dev/YURL/httpsy/

Excerpt:

>             Waterken(TM) YURL
> Authentication of TLS Upgrade Within HTTP/1.1
>
> This specification defines a mechanism for authenticating an
> HTTP server based on the hash of its public key, instead of a
> trusted certificate from a certificate authority.
>
> Abstract
>
> Before sending a request to a resource identified by an httpsy
> URL, a client MUST complete a mandatory upgrade to TLS/1.0. The
> client authenticates the server by constructing a valid
> certificate path to a certificate that is signed using a public
> key whose hash matches that given in the httpsy URL.

If you would like to learn more about the purpose of the httpsy
URL scheme, start with the documentation tree rooted at:

http://www.waterken.com/dev/YURL/

Thank you,
Tyler

-- 
The union of REST and capability-based security:
http://www.waterken.com/dev/Web/
Received on Thursday, 14 August 2003 03:33:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 January 2011 12:15:32 GMT