To: email@example.com Cc: firstname.lastname@example.org In-Reply-To: email@example.com's message of Mon, 10 Jul 1995 13:41:39 -0700 <95Jul10.firstname.lastname@example.org> Subject: Re: URN Resolution Security and Privacy Issues (fwd) From: Larry Masinter <email@example.com> Message-Id: <95Jul10.firstname.lastname@example.org> Date: Mon, 10 Jul 1995 13:47:42 PDT > Any URN registry service must be able to answer the question of whether a > URN exists in order to decide whether it can be assigned to a new object. It's clear that a URN registry service can be asked 'give me a new URN' without revealing answers to the question of 'is X a valid URN'. On the other hand, merely being able to ask 'is X a valid URN' might not reveal information if URNs contain sufficient random information to make guessing one difficult, or if URNs contain no external information like titles or dates, other than a sequence number. > If you're playing with confidential information, what is it doing on an > essentially public network, where security is basically nonexistent? This is not an assumption that any internet working group should make.