URN Resolution Security and Privacy Issues

Fisher Mark (FisherM@is3.indy.tce.com)
Mon, 10 Jul 95 11:41:00 PDT


From: Fisher Mark <FisherM@is3.indy.tce.com>
To: "'URI'" <uri@bunyip.com>
Subject: URN Resolution Security and Privacy Issues
Date: Mon, 10 Jul 95 11:41:00 PDT
Message-Id: <30017541@MSMAIL.INDY.TCE.COM>


Because the mere knowledge that a string is a valid URN can be useful in some 
contexts, it is advisable to have mechanisms that prevent the discovery of 
this fact.  Any generally useful resolution service must be able to not only 
refuse to resolve a URN (or URL), it must be able to avoid giving the 
impression that what was handed to it was a valid URN or URL to begin with. 
 This gives maximum flexibility to the URN/URL "owner", as they can use very 
specific names 
(<urn:engulf_and_devour/1995/long_range_plan/enslave_western_world>) without 
fearing that anyone with a browser can verify that such a URN/URL exists. 
 Unfortunately, some people still think:
     Login: urn-wizard
     Pass: timbl-is-god
     Password incorrect
is an acceptable method for reporting authentication errors...

The very pattern of resolution requests could yield useful information to a 
hostile entity.  As "Even databases that lie can be compromised" stated 
(possibly my favorite journal article title of all time :)), if you let any 
information out, it is likely it can be used to discover information you 
don't want to let out.  Traffic analysis can even be mostly avoided (at 
considerable expense of network bandwidth) by keeping a continuous encrypted 
TCP/IP connection open with continuous, mostly random transmissions of data.

All security and privacy considerations for other electronic transmissions 
apply to UR[NL] resolution requests.
======================================================================
Mark Fisher                            Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN
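
Added example, not part of the original message: a sketch of the point about refusals, comparing a resolver whose error responses reveal that a URN exists with one that answers "unknown" and "not permitted" identically. The registry contents, principal names, status codes and function names are all constructed for illustration.

```python
# Constructed sample registry: URN -> (location, principals allowed to resolve it).
REGISTRY = {
    "urn:example:1995:long_range_plan": ("http://internal.example/plan", {"alice"}),
    "urn:example:1995:press_release": ("http://www.example/press", {"alice", "bob"}),
}

# The single refusal every non-resolving request receives.
REFUSAL = {"status": 404, "body": "not resolvable"}


def resolve_leaky(urn, principal):
    """Distinct errors: a 403 confirms the URN exists (the 'Password incorrect' mistake)."""
    entry = REGISTRY.get(urn)
    if entry is None:
        return {"status": 404, "body": "no such URN"}
    location, allowed = entry
    if principal not in allowed:
        return {"status": 403, "body": "access denied"}
    return {"status": 200, "body": location}


def resolve_uniform(urn, principal):
    """Unknown and unauthorized requests get byte-identical refusals."""
    location, allowed = REGISTRY.get(urn, ("", frozenset()))
    if principal not in allowed:  # covers both 'no such URN' and 'not permitted'
        return dict(REFUSAL)
    return {"status": 200, "body": location}


def oracle_leaks(resolver, principal, candidates):
    """Self-test for operators: which names does this principal's view confirm exist?

    A name leaks if its response differs from the response to a name that is
    known not to be registered.
    """
    baseline = resolver("urn:example:definitely-not-registered", principal)
    return {c for c in candidates if resolver(c, principal) != baseline}


if __name__ == "__main__":
    names = list(REGISTRY)
    print("leaky  :", sorted(oracle_leaks(resolve_leaky, "mallory", names)))
    print("uniform:", sorted(oracle_leaks(resolve_uniform, "mallory", names)))
```

This only equalizes response content; response timing and the pattern of requests, which the second paragraph of the message raises, have to be handled separately.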