Re: httpy:// Ben Laurie (ben@algroup.co.uk)
Sat, 13 May 2000 13:51:01 +0100

Tyler Close wrote:
> On the client side, the "only" thing you need to do is add the HTTPY
> protocol handler, and a configuration dialog for setting up SLS
> servers. Theoretically, it should be easy to add this to Mozilla. I
> say theoretically, since I wonder if AOL might nix the idea. They
> nixed the "turn off banner adds" option, so nixing a "disintermediate
> Network Solutions and VeriSign" option might fit their profile.
> Getting the protocol handler added to IE might prove impossible, at
> least at first. I imagine there's some money flowing between MS and
> VeriSign. Perhaps getting it into Mozilla would be enough of a
> kick-start.

They can't nix a publicly available patch :-)

> Some open questions:
> --------------------
>
> 1. Has somebody already thought of this too? Are they doing anything
> about it?

Hashes for names is also used in distributed anonymous storage nets (e.g. Enternity and Freenet).

> 2. Are the acronyms already taken? Are they any good? I added 'Y' to
> HTTP because it sort of looks like the lambda in the Granovetter
> Diagram. Sorta makes it look like a 'HIPPY' URL too ;)

I'm pretty sure HTTPY is not taken. You probably should check IANA, though - hmmm ... or do W3C own the URI namespace?

> 3. I think I remember reading that most SSL implementations already
> have the logic for using the public key hash instead of a CA cert. Can
> anyone verify?

OpenSSL does. It uses a pretty trivial scheme: softlink a file with the hash as the name to the cert file.

> 4. Anybody know anybody on the Mozilla team?

I talk to them occasionally. "Know" may be too strong a word, though. :-)

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html