[cap-talk] Web introductions, fingerprint service
James A. Donald
jamesd at echeque.com
Fri Feb 29 13:36:31 EST 2008
--
Bill Frantz wrote:
> Well, it doesn't match the business model of the
> current CAs, but I think we would be better if each
> company acted as its own top-level CA. (I'll fudge and
> say that there might be a service for small companies,
> but I think the level of effort is low enough for even
> Periwinkle to act as its own CA.)
>
> By having the company act as a CA, they can change
> their operational keys as often as they want. They can
> have separate keys for each server they run. All the
> time, they keep one identity.
>
> The fingerprint of the public key of the company CA is
> then widely used to identify the company. So when I
> see that cnet gives projectorpeople.com a **** rating
> on their web site, they also show me the fingerprint
> of the CA key.
>
> Providing the fingerprints for ecommerce sites would
> give Google, Yahoo etc. something else to monetize.

A yurl <http://www.waterken.com/dev/YURL/> contains both
a fingerprint of the site's public key and information
necessary to find the current network address of the
site. yurls would accomplish what urls plus ssl
certificates fail to accomplish.

A major security flaw with today's internet is that
routers are entirely insecure. It is quite easy to
claim ownership of other people's IP numbers, thus easy
to have the packets intended for the bank routed to
oneself. We have not yet seen a lot of this attack, but
probably will in future. Proposed fixes for this
problem seem unlikely to be successfully implemented.

Governments are already using this flaw to silently
censor the internet, redirecting packets from sites that
provide information they do not like to their own fake
sites, thereby not only censoring the target sites, but
censoring the fact of censorship.
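
Added example, not part of the original thread: a sketch of the scheme quoted above, where a client pins the fingerprint of a company's CA key and accepts any operational server key that CA has signed. The `Endorsement` type is a simplified stand-in for a certificate, and the Ed25519 keys, the SHA-256 fingerprint over the raw key bytes and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Endorsement stands in for a certificate: the company CA's signature over one server key.
type Endorsement struct {
	CAKey, ServerKey ed25519.PublicKey
	Sig              []byte
}

// NewKey generates a fresh Ed25519 key pair from the system random source.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Fingerprint is the hex SHA-256 of the raw public key bytes (assumed format).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Endorse signs an operational server key with the long-lived CA private key.
func Endorse(ca ed25519.PrivateKey, server ed25519.PublicKey) Endorsement {
	return Endorsement{ca.Public().(ed25519.PublicKey), server, ed25519.Sign(ca, server)}
}

// Accept trusts a server key only if the presented CA key matches the
// published fingerprint and that CA key really signed the server key.
func Accept(pinned string, e Endorsement) bool {
	return len(e.CAKey) == ed25519.PublicKeySize && Fingerprint(e.CAKey) == pinned &&
		ed25519.Verify(e.CAKey, e.ServerKey, e.Sig)
}

func main() {
	caPub, caPriv := NewKey()
	web, _ := NewKey()   // operational keys can change; the pinned identity does not
	_, rogue := NewKey() // a different CA claiming to be the same company
	pin := Fingerprint(caPub)
	fmt.Println(Accept(pin, Endorse(caPriv, web)), Accept(pin, Endorse(rogue, web)))
}
```

The pinned fingerprint is the only value a rating site or search engine would have to publish; rotating or adding server keys changes nothing on the client side.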