Sub-host petnames for the web
Background
Tyler Close's Petname toolbar extension for Firefox provides a way for the user to assign petnames to web sites. Petnames are tied to hosts (or, more specifically, to HTTPS host certificates).
This has two limitations:
- It does not help in distinguishing two pages hosted by the same host. If the pages have web-key URLs, it is difficult to visually distinguish them.
- It does not allow a logical site to be split across multiple hosts.
We could improve upon this if sites co-operate in establishing identities which can be tied to petnames.
Strawman proposal
A participating web page provides the following:
- A public key in a <meta> field
- A nickname in a <meta> field
- A signature in a <meta> field
To verify the signature, check it against a copy of the page from which the signature <meta> field has been removed.
- This is based on Zero-Install's method for signing its XML feed files: it puts the signature in an XML comment.
Problems:
- Not suitable for HTML files that are incrementally generated by the server.
- Vulnerable to replay attacks.
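An added example (not from the original page or from the Petname toolbar) of the strawman's sign-and-verify step, written in JavaScript for Node.js. The meta names `petname-key`, `petname-nickname` and `petname-signature`, the choice of Ed25519, and the base64/DER encodings are assumptions, since the page specifies none of them.

```javascript
// Added example. Meta names, Ed25519 and base64/DER encodings are assumptions.
const crypto = require("node:crypto");

const field = (name) => new RegExp(`<meta name="petname-${name}" content="([^"]*)">\\n?`);
const SIG = field("signature"), KEY = field("key"), NICK = field("nickname");

// Publisher side: sign the page bytes as they are without the signature field,
// then insert that field on its own line directly after <head>.
function signPage(html, privateKey) {
  const sig = crypto.sign(null, Buffer.from(html, "utf8"), privateKey).toString("base64");
  return html.replace("<head>\n", (m) => `${m}<meta name="petname-signature" content="${sig}">\n`);
}

// Client side: remove the signature field, then verify what is left.
function verifyPage(html) {
  const sig = SIG.exec(html), key = KEY.exec(html), nick = NICK.exec(html);
  if (!sig || !key || !nick) return { ok: false, reason: "missing field" };
  const stripped = html.replace(SIG, "");
  if (SIG.test(stripped)) return { ok: false, reason: "duplicate signature field" };
  try {
    const der = Buffer.from(key[1], "base64");
    const publicKey = crypto.createPublicKey({ key: der, format: "der", type: "spki" });
    if (!crypto.verify(null, Buffer.from(stripped, "utf8"), publicKey, Buffer.from(sig[1], "base64")))
      return { ok: false, reason: "bad signature" };
    // The petname should be bound to the key; the nickname is only a suggestion.
    const keyId = crypto.createHash("sha256").update(der).digest("hex");
    return { ok: true, keyId, nickname: nick[1] };
  } catch (e) {
    return { ok: false, reason: "malformed key or signature" };
  }
}

// Constructed sample page and throwaway key pair (not real site data).
function makeSignedPage(body, keys = crypto.generateKeyPairSync("ed25519")) {
  const pub = keys.publicKey.export({ type: "spki", format: "der" }).toString("base64");
  const html = `<html>\n<head>\n<meta name="petname-key" content="${pub}">\n` +
    `<meta name="petname-nickname" content="Example Bank">\n</head>\n<body>${body}</body>\n</html>\n`;
  return { keys, page: signPage(html, keys.privateKey) };
}
```

Verification here depends on the served bytes matching the signed bytes exactly once the signature line is removed, which is why incrementally generated pages are a problem. An older signed copy of a page keeps verifying after a newer one is published, because nothing in the signed bytes expresses freshness or the URL it was served from.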
