Re: secure URIs

At 09:00 PM 5/3/2003 +0200, Simon Josefsson wrote:


>"Clive D.W. Feather" <clive@demon.net> writes:
> >
> > A key fingerprint for the server is perhaps a useful thing, much more than
> > a hash of the document. But doesn't https give you that via another path
> > already? I'm not convinced that putting the key into every URL is the right
> > approach.
>
>It isn't.  It is only useful if the URI you received is signed data.

To elaborate a bit:  it's useful if the URI is received over any "secure 
channel".  This might be:
  - an XML-DSIG signed document
  - a PGP or S/MIME-signed mail
  - an HTML page from an HTTP server on your intranet (assuming you trust 
your intranet and LAN)
  - an HTML page from an HTTPS server with a Verisign cert
  - an HTML page from an HTTPS server whose cert fingerprint matches a 
secure URL (i.e. you could follow secure URL links from one page to another)
  - an HTML page from an HTTP server, where the page's sha1 hash matches a 
secure URL (" " " ")
  - an HTML page from an untrusted HTTP server (a calculated risk/leap of 
faith - "as long as no-one is spoofing me right now, then by remembering 
this secure URL I'll be impervious to spoofing of the URL in the future")
  - a file transferred manually (handing over a disk or something)
  - a piece of paper (ugly but doable - a sha1 fingerprint will add about 
30 characters to the URL)
etc.


> > Both hashes and key fingerprints, however, merely move the problem one step
> > back - how do you know the URL contains the right hash/key? However you
> > solve that problem, why not apply it directly to the content?
>
>In some cases size is the limiting factor.

Also, the content may be dynamic - bookmarking the URL + SSL fingerprint 
for your bank's website will let you visit securely again and again, having 
the fingerprint and URL for my PGP key will let you have a long-running 
conversation with me, etc.

Imagine a federation of web sites linked together with secure URLs, and 
containing documents of all sorts (movies, pictures, etc.).  Once you go 
through the trouble to get a secure URL to any page in the federation, then 
you can navigate throughout the rest of it entirely on secure links.

Thus you can get the first secure URL through some limited secure channel 
(type it in from a magazine, email from a friend, leap of faith, etc.), but 
then securely navigate a wealth of resources.

Trevor 

Received on Saturday, 3 May 2003 17:18:07 UTC
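
The federation navigation described in the message above, as an added example that is not part of the original thread: one secure URL obtained over a trusted channel anchors verification of every page reached from it. The `#sha1=` base32 syntax, the example hostnames and the in-memory `fetch` are assumptions made for illustration; the thread does not define a concrete syntax.

```python
import base64
import hashlib
import re

# Assumed syntax (not defined in the thread): <url>#sha1=<base32 SHA-1 of content>
MARK = "#sha1="
LINK_RE = re.compile(rb'href="([^"]+#sha1=[a-z2-7]{32})"')

def fingerprint(content: bytes) -> str:
    # 20-byte SHA-1 digest -> exactly 32 base32 characters, no padding
    return base64.b32encode(hashlib.sha1(content).digest()).decode().lower()

def make_secure_url(url: str, content: bytes) -> str:
    return url + MARK + fingerprint(content)

def split_secure_url(secure_url: str):
    url, sep, expected = secure_url.partition(MARK)
    if not sep or not re.fullmatch(r"[a-z2-7]{32}", expected):
        raise ValueError("no usable fingerprint in URL")
    return url, expected

def fetch_verified(secure_url: str, fetch) -> bytes:
    """Fetch over an untrusted channel; accept the body only if its hash matches."""
    url, expected = split_secure_url(secure_url)
    body = fetch(url)
    if fingerprint(body) != expected:
        raise ValueError("hash mismatch for " + url)
    return body

def crawl(start: str, fetch) -> list:
    """From one trusted secure URL, follow only secure links found in verified pages."""
    seen, queue, verified = set(), [start], []
    while queue:
        link = queue.pop()
        if link in seen:
            continue
        seen.add(link)
        body = fetch_verified(link, fetch)
        verified.append(split_secure_url(link)[0])
        queue.extend(m.decode() for m in LINK_RE.findall(body))
    return verified

# Constructed sample "federation": two pages on example hosts, leaf built first
MOVIE = b"<html>movie listing</html>"
MOVIE_URL = make_secure_url("http://b.example/movie.html", MOVIE)
INDEX = b'<html><a href="' + MOVIE_URL.encode() + b'">movies</a></html>'
INDEX_URL = make_secure_url("http://a.example/index.html", INDEX)
SITES = {"http://a.example/index.html": INDEX, "http://b.example/movie.html": MOVIE}
```

Because each page's hash covers the secure links it contains, a substituted page anywhere along the path fails verification before any of its links are followed.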