- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 13 Jun 2023 17:47:19 +0200
- To: "Hubauer, Thomas" <thomas.hubauer@siemens.com>
- Cc: "semantic-web@w3.org" <semantic-web@w3.org>
- Message-ID: <CAKaEYhJ73RC8Hkgyz9VJirF4v83QPtmXZjSd_3fkDYB9TzYG9Q@mail.gmail.com>
út 13. 6. 2023 v 17:37 odesílatel Hubauer, Thomas < thomas.hubauer@siemens.com> napsal: > Hi SemWeb community, > > > > One of my projects is considering making some of our ontologies accessible > to customers. As part of these considerations, we have been discussing > resolving ontology references (e.g. for imports) which lead us to some > lengthy arguments about http:// vs. https:// as protocol part in our URIs > (primarily ontology URIs, potentially element URIs as well). > > > > I am aware of a 2016 post ( > https://www.w3.org/blog/2016/05/https-and-the-semantic-weblinked-data/) > stating that W3C currently considers http and https to be “equivalent” for > w3c.org. However, the security guys I am working with are not too happy > with this as using a http URI for downloading imported ontologies is > vulnerable to a man-in-the-middle attack. > > > > I was unable to find any more recent statement by the W3C on the use of > http vs. https. Specifically, I’d be interested to understand if this > community (and the W3C) intend to stick with http for the foreseeable > future, of if there’s any plans to migrate some/all URIs (e.g. ontology > URIs but not element URIs) to https ? Would be nice for us to understand > what “the outer world” plans so we can maybe take this as a blueprint for > our own guidance on URIs. > I'm with TimBL on this: "HTTPS Everywhere" considered harmful https://www.w3.org/DesignIssues/Security-NotTheS.html The Semantic Web has been around for a couple of decades. Is there any documented instance of an MITM attack on an ontology ever causing an issue? > > > > Best regards, > > Thomas > > > > >
Received on Tuesday, 13 June 2023 15:47:37 UTC