W3C home > Mailing lists > Public > www-tag@w3.org > January 2012

ISSUE-31 another data point re secret URLs

From: Jonathan A Rees <rees@mumble.net>
Date: Tue, 17 Jan 2012 13:33:20 -0500
Message-ID: <CAGnGFM+cuFb8SuqL7LsjRHJCe+8+nUgLRxHMp7e1ppwXwpusqQ@mail.gmail.com>
To: www-tag@w3.org
I know this discussion is not active, but it never did get resolved.
In case we should ever choose to take it up again, I would like the
following information to be connected to ISSUE-31.

The following document section

  http://dev.w3.org/html5/spec/Overview.html#custom-handlers

says

  "Leaking Intranet URLs. The mechanism described in this section can
result in secret Intranet URLs being leaked, in the following manner:"

which agrees with Tyler Close's opinion that some URLs sometimes need
to be kept secret, and that when this is the case, that they should
be.

Had the editor(s) of this document (or maybe the corresponding WG)
been of the opinion that keeping URLs secret is either a lost cause or
a bad idea, I think their security advice would have been different.

At least one TAG member did not share this view, which is one reason
that the discussion stalled and the issue remains in pending review
state.

Jonathan
Received on Tuesday, 17 January 2012 18:33:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:44 GMT