- From: Tyler Close <tyler.close@gmail.com>
- Date: Sun, 27 Dec 2009 15:03:54 -0800
- To: noah_mendelsohn@us.ibm.com
- Cc: "Mark S. Miller" <erights@google.com>, Jonathan Rees <jar@creativecommons.org>, www-tag@w3.org
On Sun, Dec 27, 2009 at 12:00 PM, <noah_mendelsohn@us.ibm.com> wrote:
> Tyler Close writes:
>
>> Good Practice: URI assignment authorities SHOULD NOT put confidential
>> metadata in a URI whose protocol does not support confidentiality.
>
> Tyler, thank you for the thoughtful comments.

My pleasure, thank you for considering them.

> I think what surprises me
> about the above is the presumption that the URIs themselves are in common
> cases restricted to use with particular protocols.

I am presuming that a URI assignment authority can feasibly deploy URIs that will only be used with protocols that provide suitable protection. My web-key paper provides design advice on how to do so. My Waterken server software provides implementation support for following this design advice. Other developers have used their own designs and software to similar effect, some of which have achieved significant popularity.

> Perhaps I'm
> misunderstanding, but do you refer to protocols like HTTPS used with URI
> schemes such as https?

Yes. Is there a better way of stating this relationship?

> My concern is that, even when such URIs and
> protocols are used, the URIs themselves may be available in the clear,
> e.g. in the client, or in pages linking the resource, or perhaps even in
> certain intermediaries or logs.

They certainly "may" be, but they need not be; my web-key paper explains how. Consequently, applications deployed to existing browsers can adequately protect the confidentiality of an unguessable URL.

> The advice not to put confidential
> information in URIs at all was motivated in part, I think, by such
> concerns.

If there were no value to putting confidential information in a URI, this may be good advice. However, since even the current text recognizes that there is value in making a URI unguessable, the advice is overly restrictive, to the point of self-contradiction.

> I feel like I'm probably missing something about your proposal,
> as I'm sure you've thought of such things.

Thank you. I suspect it's more a question of perspective. Using unguessable URLs is a different way of looking at the Web. Adopting this alternate perspective is motivated by protection against a broad range of attacks, as well as application flexibility and interoperability gained through adherence to webarch principles.

--Tyler

--
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html

Received on Sunday, 27 December 2009 23:04:28 UTC