W3C home > Mailing lists > Public > uri@w3.org > July 1995

Re: URN Resolution Security and Privacy Issues (fwd)

From: Larry Masinter <masinter@parc.xerox.com>
Date: Mon, 10 Jul 1995 13:47:42 PDT
To: pierre@indirect.com
Cc: uri@bunyip.com
Message-Id: <95Jul10.134746pdt.2762@golden.parc.xerox.com>
> Any URN registry service must be able to answer the question of whether a 
> URN exists in order to decide whether it can be assigned to a new object.

It's clear that a URN registry service can be asked 'give me a new
URN' without revealing answers to the question of 'is X a valid URN'.

On the other hand, merely being able to ask 'is X a valid URN' might
not reveal information if URNs contain sufficient random information
to make guessing one difficult, or if URNs contain no external
information like titles or dates, other than a sequence number.

> If you're playing with confidential information, what is it doing on an 
> essentially public network, where security is basically nonexistent?

This is not an assumption that any internet working group should make.
Received on Monday, 10 July 1995 16:48:30 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 10 October 2021 22:17:31 UTC