
Referents and pointers.




>There's no reason why SDSI couldn't support both.  Just use an object that
>is a (URI,hash) pair:
>
>	( Photo: [image/gif] ( Pointer:
>			( Object-Hash: ( SHA-1 #4F63A1 ) )
>			http://pictures.place.org/smith.gif ) )
>as opposed to including the actual data:
>
>	( Photo: [image/gif] =Yu7gj9D+zX2C... )
>
>It's debatable whether the [image/gif] tag is needed in the Pointer: case.
>With HTTP it probably isn't, but it's probably helpful with FTP or GOPHER.

I think that if you include such a powerful mechanism as pointer references you 
are likely to want to use it throughout. You have effectively created a secure 
referencing mechanism. We can then use that for delegation.

If we make the keys into URIs then we can develop a syntax for a generalized 
secure inclusion mechanism consisting of a type, a reference link (i.e. URI) and 
an authenticator, either a hash of the absolute value of the object or a key for 
signature or MAC validation.

I think that as a general rule it would be nice to incorporate such a link 
structure into HTTP. S-HTTP had something along these lines but I think rather 
too much crypto ended up in the result.

I think that it would be useful to bring the type information into the 
certificate irrespective of whether http was being used or not. At this stage I 
don't think that there is much need to worry overmuch over ftp or gopher. FTP 
causes few problems but offers nothing that http does not except for ubiquity. 
Gopher URLs have severe security problems in themselves (like permitting 
connections to mail and finger ports) and the gopher people insisted on them not 
being hierarchical with the result that they are not particularly useful for 
much of anything.

I would be more interested in adding a finger: URL which could then be used as 
some sort of "business card" type of interface.


		Phill
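
The (type, URI, authenticator) reference discussed in this message, as an added example that is not part of the original post or of SDSI: a Python check that fetched bytes match a reference carrying either an object hash or a MAC tag. The `SecureRef` field names, the digest allow-list and the sample URI, bytes and key are assumptions constructed for illustration; signature validation is left out because it needs a public-key library.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption of this example: only modern digests are accepted. The quoted
# message uses SHA-1, which was current when it was written.
ALLOWED_DIGESTS = {"sha256", "sha512"}

@dataclass(frozen=True)
class SecureRef:
    """Hypothetical (type, URI, authenticator) triple; field names are made up."""
    media_type: str   # e.g. "image/gif"
    uri: str          # where the object lives; not trusted by itself
    auth_kind: str    # "hash" (digest of the object) or "mac" (keyed tag)
    digest: str       # digest algorithm name
    value: bytes      # expected digest or MAC tag

def verify(ref, body, fetched_type, mac_key=None):
    """Return True only if the fetched bytes and type match the reference."""
    if ref.digest not in ALLOWED_DIGESTS or fetched_type != ref.media_type:
        return False
    if ref.auth_kind == "hash":
        actual = hashlib.new(ref.digest, body).digest()
    elif ref.auth_kind == "mac" and mac_key:
        actual = hmac.new(mac_key, body, ref.digest).digest()
    else:
        return False  # unknown authenticator kind, or MAC without a key
    return hmac.compare_digest(actual, ref.value)  # constant-time compare

# Constructed sample data: stand-in bytes for the object behind the URI.
SAMPLE_URI = "http://example.invalid/smith.gif"
SAMPLE_BODY = b"GIF89a" + bytes(range(32))
SAMPLE_KEY = b"constructed-demo-key"

HASH_REF = SecureRef("image/gif", SAMPLE_URI, "hash", "sha256",
                     hashlib.sha256(SAMPLE_BODY).digest())
MAC_REF = SecureRef("image/gif", SAMPLE_URI, "mac", "sha256",
                    hmac.new(SAMPLE_KEY, SAMPLE_BODY, "sha256").digest())

if __name__ == "__main__":
    print(verify(HASH_REF, SAMPLE_BODY, "image/gif"))
    print(verify(HASH_REF, SAMPLE_BODY + b"x", "image/gif"))
    print(verify(MAC_REF, SAMPLE_BODY, "image/gif", SAMPLE_KEY))
```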
