[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Referents and pointers.
>There's no reason why SDSI couldn't support both. Just use an object that
>is a (URI,hash) pair:
>
> ( Photo: [image/gif] ( Pointer:
> ( Object-Hash: ( SHA-1 #4F63A1 ) )
> http://pictures.place.org/smith.gif ) )
>as opposed to including the actual data:
>
> ( Photo: [image/gif] =Yu7gj9D+zX2C... )
>
>It's debatable whether the [image/gif] tag is needed in the Pointer: case.
>With HTTP it probably isn't, but it's probably helpful with FTP or GOPHER.
I think that if you include such a powerful mechanism as pointer references you
are likely to want to use it throughout. You have effectively created a secure
referencing mechanism. We can then use that for delegation.
If we make the keys into URIs then we can develop a syntax for a generalized
secure inclusion mechanism consisting of a type, a reference link (ie URI) and
an authenticator, either a hash of the absolute value of the object or a key for
signature or MAC validation.
I think that as a general rule it would be nice to incorporate such a link
structure into HTTP. S-HTTP had something along these lines but I think rather
too much crypto ended up in the result.
I think that it would be usefull to bring the type information into the
certificate irrespective of whether http was being used or not. At this stage I
don't think that there is much need to worry overmuch over ftp or gopher. FTP
causes few problems but offers nothing that http does not except for ubiquity.
Gopher URLs have severe security problems in themselves (like permitting
connections to mail and finger ports) and the gopher people insisted in them not
being hierarchical with the result that they are not particularly usefull for
much of anything.
I would be more interested in adding a finger: URL which could then be used as
some sort of "business card" type of interface.
Phill
Follow-Ups:
References: