- From: David Wood <david@zepheira.com>
- Date: Thu, 16 Jul 2009 11:12:42 -0400
- To: Eric Hellman <openurl@gmail.com>
- Cc: Reilly Hayes <rfh@metaweb.com>, public-lod <public-lod@w3.org>
Received on Thursday, 16 July 2009 15:13:19 UTC
I must agree. Security by obscurity is not the best approach, even though it appears to give some short-term benefits. See Schneier's analysis [1], for discussion. Changing URLs by algorithm is just another form of obscurity, which yields fragility and fails badly in the case where the algorithm can be uncovered. TimBL, et al, didn't say that URIs are cool because they don't change, they said that URIs that don't change are cool for some very good reasons. Regards, Dave [1] Bruce Schneier, Secrets & Lies; Digital Security in a Networked World, Wiley Computer Publishing, 2000, pp. 344. On Jul 16, 2009, at 9:26 AM, Eric Hellman wrote: > The suggestion in this so-called security brief is not even secure. > > On Jul 15, 2009, at 2:24 PM, Reilly Hayes wrote: > >> >> http://msdn.microsoft.com/en-us/magazine/dd458793.aspx > > Eric Hellman > President, Gluejar, Inc. > 41 Watchung Plaza, #132 > Montclair, NJ 07042 > USA > > eric@hellman.net > http://go-to-hellman.blogspot.com/ > > >
Received on Thursday, 16 July 2009 15:13:19 UTC