httpsy, SSH and eternal resource locator/WAX (Re: Announcing httpsy://, a YURL scheme)

Trevor Perrin trevp at
Wed Jul 16 00:25:17 EDT 2003

At 12:33 AM 7/16/2003 +0100, Adam Back wrote:

>I'm not that familiar with SFS, but httpsy sounds quite related to
>Anderson, Matyas and Peticolas' "eternal resource locator" [1], and
>the WAX system they describe in that paper.  This scheme allows a
>referer to embody in a URL they refer to authentciation information
>about the contents of the text in the body of the page referred to
>(either by SHA1 document hash, or by reference to a signing key the
>publisher of the referred page may use to sign and update that page's

A similar idea was discussed on the W3C's URI list[1].  Simon Josefsson had 
the clever idea of a URI scheme that binds an underlying URI to some 
"crypto data" such as document hashes, key fingerprints, and key URLs:




crypto:mailto:alice at[pgp_sha1=6e59.f7da.3613.57af.5952.1e5c.e8b3.3d8f.c30f.82b2,pgp_url=] 

The first example is like an httpsy URL.  The second gives a file and its 
md5 hash.  The third gives Alice's email address and PGP key.  These 
"cryptoURLs" could be used wherever URLs are, not just on the web.  For 
example, a signed XML document that uses cryptoURLs to reference external 
content would extend the signature over that content.  A protocol like LDAP 
that returns a URL referral to another server could return a cryptoURL so 
the client can securely access that server.

We sorta started an I-D, but it's not very far along[2]...



[2] (this is not a real Internet-Draft, despite boilerplate):

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list