HTTPSY – Leave the Certificate Authority Behind

From IIW
Jump to: navigation, search

Session Topic: HTTPSY: Leave the Certificate Authority Behind.

Wednesday 2C

Convener: Marc Stiegler/Alan Karp

Notes-taker(s): Marc Stiegler

Tags for the session - technology discussed/ideas considered: HTTPSY: a proposal for a protocol that eliminates the need for certificate authorities in many cases and enables placing sensitive information in a bookmarkable link. Also enables the creation of secure bookmarkable OAuth bearer tokens.

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps: Draft format of the new httpsy protocol proposal:

httpsy://algorithm:fingerprint@domain:port/path1/!redactedPath2/…

the protocol is httpsy. The algorithm is used to interpret the fingerprint, for example, “sha-256”. The fingerprint of the public key is used to challenge the server to prove that he is the holder of the public key, to foil DNS cache poisoning and similar attacks. Any part of the path prefixed with a bang “!” is redacted when the url is displayed in the window by the browser, in the referrer header, and in server logs.

Controversy over whether this improves the user’s situation with respect to phishing or makes it worse: on the one hand, the domain that people look at to see where they are is buried in a long string of gibberish, on the other hand, it can be claimed that the use of the domain to determine your location, in a world with millions of sites, necessarily not humanly distinguishable, is the source of the problem, not the solution.

System eliminates need for certificate authorities in many circumstances, the self-signed cert is adequate to prove that, if someone you trust gives you a link, you are guaranteed when you click the link to arrive at the place the trusted party intended for you to go.

Concern raised about untrustworthy parties sending you to untrustworthy places, but they can do that today anyway.

Often requires a “trust on first use” pattern similar to what you do with ssh.

Does not solve the problem with reliably going to a place that you saw on a billboard, since the billboard must be completely memorable.

The redacted parts prefaced with a bang can hold credentials, turning these links into unguessable self-authorizing links, suitable for use both as bookmarkable webkeys and as oauth bearer tokens.

Alan Karp and Marc Stiegler are leading a group that meets on Friday mornings, with people from HP, Google, PayPal, and others, to develop an RFC spec for httpsy.