Re: URN Resolution Security and Privacy Issues (fwd)

Fisher Mark (FisherM@is3.indy.tce.com)
Tue, 11 Jul 95 06:53:00 PDT


From: Fisher Mark <FisherM@is3.indy.tce.com>
To: pierre <pierre@indirect.com>
Cc: uri <uri@bunyip.com>
Subject: Re: URN Resolution Security and Privacy Issues (fwd)
Date: Tue, 11 Jul 95 06:53:00 PDT
Message-Id: <300284E5@MSMAIL.INDY.TCE.COM>


>On the other hand, merely being able to ask 'is X a valid URN' might
>not reveal information if URNs contain sufficient random information
>to make guessing one difficult, or if URNs contain no external
>information like titles or dates, other than a sequence number.

Let's say that we received the URN from a reasonably but not completely 
reliable spy; it could be for industrial espionage, military spying, or 
private detective work; it doesn't matter.  Knowledge of whether the URN is 
valid helps to confirm the reliability of the data, whether or not we can 
actually resolve the URN.  If we cannot verify whether it is even a valid 
URN (much less resolve it), the knowledge that there might be such a URN is 
pretty much useless.
======================================================================
Mark Fisher                            Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN