2009/7/16 David Wood <david@zepheira.com>
> I must agree. Security by obscurity is not the best approach, even though
> it appears to give some short-term benefits. See Schneier's analysis [1],
> for discussion. Changing URLs by algorithm is just another form of
> obscurity, which yields fragility and fails badly in the case where the
> algorithm can be uncovered.
>
> TimBL, et al, didn't say that URIs are cool because they don't change, they
> said that URIs that don't change are cool for some very good reasons.
>
I heartily agree too. If the suggestions at the URL Reilly Hayes posted were
followed, they would provide scant security benefits at great cost to web
users and especially web archivists.

Nonetheless, I'm grateful to Reilly for bringing the proposal to the list's
attention. That some shortsighted developers might adopt the proposal's
recommendations is something we should be aware of and should also - I think
- be ready to oppose.

Regards,
Sam