home -> developer -> YURL -> Like

WaterkenTM YURL

Things that are Similar to YURLs

2003-06-21

YURLs are similar to other widely used and trusted technologies. This document lists these similarities.

PGP

In a PGP introduction, you provide a future correspondent with your email address and your PGP fingerprint. Later, the correspondent will download your key from a keyserver and authenticate it by checking that the fingerprints match. An email is encrypted to the authenticated public key before being sent to the target email address. Since you are the only one holding the corresponding private key, this process ensures that you are the only one who can receive the plaintext of the email.

The PGP message sending procedure enforces the y-property. Authentication of the message target is done relying solely on information obtained in the PGP introduction. The PGP fingerprint is the sole source of authentication information. PGP encrypts the email, providing a private communication channel. The target site is located using the email address.

The httpsy scheme uses the same implementation techniques found in a PGP introduction. The key-id fulfills the same function as the PGP fingerprint. The host fulfills the same function as the email address.

SSH

When first connecting to an SSH server, the user is presented with output like:

The authenticity of host 'mail.waterken.com (209.88.68.62)' can't be established.
RSA key fingerprint is 8c:4c:3b:56:4a:26:58:48:af:e3:2c:6d:f9:5f:0b:77.
Are you sure you want to continue connecting (yes/no)?

At this point, the user is supposed to verify that the RSA key fingerprint matches that of the installed SSH server. This information should be provided by the sysadmin who created the user's account on the server. If the fingerprints match, the RSA key is accepted and stored in the user's .known_hosts file. For all future connections, the SSH client software will verify that the server provided RSA key matches the previously stored key.

The SSH connection procedure enforces the y-property. Authentication of the server is done relying solely on information obtained in the introduction performed by the sysadmin. The RSA key fingerprint is the sole source of authentication information. Future connections leverage a cache, the .known_hosts file, containing only information derived from the introduction. SSH encrypts all traffic, providing a private communication channel. The target site is located using the server's domain name.

Both SSH and httpsy implement the y-property by completing a cryptographic handshake using the hash of the target site's public key instead of the PKI.

top

Copyright 2002 - 2003 Waterken Inc. All rights reserved.

Valid XHTML 1.0! Valid CSS!