> That's quite reasonable, but it doesn't change the fact that people (and >software) expect to be able to resolve URI without consequence. this water passed under the bridge long ago. even HTTP isn't resolvable without consequence. HTTP URLs are routinely used to leak private information about users to third parties - either using cookies, or using information embedded in the URL. that and since *most* URI prefixes are unregistered, using the registration process to discourage inappropriate URI use clearly won't work. I agree with Patrik - the most effective strategy we know is to insist that the definition of a URI prefix also describe its security considerations. KeithReceived on Sunday, 25 November 2001 11:22:26 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:29 GMT