Re: URI Instability as a Goal from David Wood on 2009-07-16 (public-lod@w3.org from July 2009)

From: David Wood <david@zepheira.com>
Date: Thu, 16 Jul 2009 11:12:42 -0400
To: Eric Hellman <openurl@gmail.com>
Cc: Reilly Hayes <rfh@metaweb.com>, public-lod <public-lod@w3.org>
Message-Id: <1E136FF7-6454-4748-A201-A635A626467E@zepheira.com>

I must agree.  Security by obscurity is not the best approach, even  
though it appears to give some short-term benefits.  See Schneier's  
analysis [1], for discussion.  Changing URLs by algorithm is just  
another form of obscurity, which yields fragility and fails badly in  
the case where the algorithm can be uncovered.

TimBL, et al, didn't say that URIs are cool because they don't change,  
they said that URIs that don't change are cool for some very good  
reasons.

Regards,
Dave

[1]  Bruce Schneier, Secrets & Lies; Digital Security in a Networked  
World, Wiley Computer Publishing, 2000, pp. 344.

On Jul 16, 2009, at 9:26 AM, Eric Hellman wrote:

> The suggestion in this so-called security brief is not even secure.
>
> On Jul 15, 2009, at 2:24 PM, Reilly Hayes wrote:
>
>>
>> http://msdn.microsoft.com/en-us/magazine/dd458793.aspx
>
> Eric Hellman
> President, Gluejar, Inc.
> 41 Watchung Plaza, #132
> Montclair, NJ 07042
> USA
>
> eric@hellman.net
> http://go-to-hellman.blogspot.com/
>
>
>

Received on Thursday, 16 July 2009 15:13:19 UTC