Tyler Close
Sat, 13 May 2000 12:26:51 -0400

Some elaborations.

> When the user clicks on an HTML anchor that has an HTTPY href, the
> browser passes the URI to its HTTPY protocol handler. This protocol
> handler contacts an SLS (Site Location Service, like E's Vat Location
> Service) server, and sends it a location request for the public key
> hash. The SLS server responds with an IP address and a DNS-style
> hostname.

The SLS server responds with a contact list of ( IP address, protocol,
DNS-style hostname ) tuples, where protocol is one of { HTTPS, HTTP }.
This contact list is sorted in order of increasing ping time from the
SLS server to the indicated IP address.

As with E's VLS, the protocol handler iteratively tries each possible
contact until a successful connection is made.

If the SLS is 'near to' the client computer, then this simple scheme
should eliminate the need to list multiple mirror sites on web pages.
It can also be used for load balancing and redundancy.

> The protocol handler then initiates an HTTPS connection with
> this IP address and hostname. In the server certificate authentication
> stage of the SSL protocol, the HTTPY protocol handler ignores any
> signing information on the server's certificate, using instead the key
> hash contained in the HTTPY URI. If the server does not respond to the
> SSL connection attempt, then the HTTPY protocol handler attempts an
> HTTP connection. In this case, no authentication is done, so the user
> should be notified with an alert dialog.

This isn't done anymore. If the SLS specifies HTTPS, then try HTTPS.
If the SLS specifies HTTP, try HTTP directly. The fallback sequence is
determined solely by the SLS contact list.

> All it takes is a frisky web
> admin willing to submit the site's public key hash, IP address and
> hostname to an SLS. Since you're not modifying the site in any way,
> the boss will never notice. It has to be the web admin, since you'd
> have to prove knowledge of the private key corresponding to the public
> key hash in order for the SLS to accept the entry.

The site admin sends a message of the form:

This message is signed with the site's private key. (PGP?)

The SLS verifies the signature. If the modification number is greater
than the current modification number, the entry is added/updated, and
the SLS forwards the message to all of its peer SLSs. In this way,
information propagates through the web of SLSs, but each SLS can
independently maintain the integrity of its database.

If the SLS can send and receive email, then anyone with PGP would
already have the software they need to list a new web site. Generate a
new key pair, write the XML message and fire it off. Within seconds
you can start serving requests with your fingerprint as your domain
name. Need some software to format a PGP key pair as a pair of SSL
certs. Does PGP have this?

Mark, I remember you doing something with IANA to register pluribus. I
remember this gave pluribus its port number, did it also give it the
'cap' protocol identifier? What would I do if I wanted the 'httpy'


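
An added illustration of the SLS update rule described in the message above (verify the signature, accept only a greater modification number, then forward to peers); it is not code from the original post. The message layout, the use of Ed25519 in place of PGP, and SHA-256 as the key hash are assumptions, and the addresses are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Contact is one (IP address, protocol, hostname) tuple from the contact list.
type Contact struct{ IP, Protocol, Host string }

// Update is a listing message; this field layout is an assumption.
type Update struct {
	PubKey   ed25519.PublicKey
	ModNum   uint64
	Contacts []Contact
	Sig      []byte
}

// KeyHash names a site by its public key (SHA-256 hex is an assumption).
func KeyHash(pk ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pk)) }

// payload is the signed byte string; %q quoting keeps field boundaries unambiguous.
func payload(mod uint64, cs []Contact) []byte { return []byte(fmt.Sprintf("%d %q", mod, cs)) }

// Sign builds an update the way the site admin would (constructed helper).
func Sign(priv ed25519.PrivateKey, mod uint64, cs []Contact) Update {
	return Update{priv.Public().(ed25519.PublicKey), mod, cs, ed25519.Sign(priv, payload(mod, cs))}
}

// SLS maps a key hash to the latest accepted update.
type SLS struct{ Entries map[string]Update }

// Accept returns true when the entry was added/updated and should go to peers.
func (s *SLS) Accept(u Update) (bool, error) {
	if len(u.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(u.PubKey, payload(u.ModNum, u.Contacts), u.Sig) {
		return false, fmt.Errorf("signature does not verify under the listed key")
	}
	if cur, ok := s.Entries[KeyHash(u.PubKey)]; ok && u.ModNum <= cur.ModNum {
		return false, nil // stale or replayed: keep the current entry
	}
	s.Entries[KeyHash(u.PubKey)] = u
	return true, nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	sls := &SLS{Entries: map[string]Update{}}
	fmt.Println(sls.Accept(Sign(priv, 1, []Contact{{"192.0.2.10", "HTTPS", "www.example.org"}})))
}
```

Because the entry is keyed by the hash of the key that signed it, an update can only ever overwrite its own listing, and an old signed message replayed by a peer is dropped rather than forwarded again.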