Announcing httpsy://, a YURL scheme

Ian Grigg iang at systemics.com
Wed Jul 16 10:34:56 EDT 2003


Michael_Heyman at NAI.com wrote:

> A YURL aware search engine may find multiple independent references to a
> YURL, thus giving you parallel reporting channels, and increasing trust.
> Of course, this method differs from the YURL method for trust. The
> parallel channel method assigns a trust value to a site by querying the
> YURL aware search engine.

That's an extraordinarily good idea!  It reminds
me of the technique for determining banks' SWIFT
codes.  It seems that the banks often don't really
know themselves, so if you do a google search on
the bank name and the word 'SWIFT' you will find
lots of merchants that already quote it on the net!

Now, one thing that could be done against such a
situation is to poison the search engine with false
URLs in advance of some mailing.  This is relatively
easy, although it will result in a lot of trails which
might give indicators to the perp, so I'd count that
as an expensive technique, and thus, the utility
of the URL searching still remains high.

YURLs are meant to be cached by the browser, I found
that somewhere in the documents but do not recall
where.  The same obviously goes for Simon Josefsson's
crypto-URLs, as mentioned by Trevor Perrin.

This is the really neat part, in that when we
start to think
of server authentication as a volume & correlation
problem - as expounded on by Mark Miller - rather
than a one-supreme-quality problem, not only do we
achieve sufficient security for most purposes, we
do it with no more than the free net resources.

And, it has the additional benefits of matching
real life, and returning our Internet back to a "no
permission needed" society.

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List