Re: URN Resolution Security and Privacy Issues

Fisher Mark (FisherM@is3.indy.tce.com)
Tue, 11 Jul 95 06:55:00 PDT


From: Fisher Mark <FisherM@is3.indy.tce.com>
To: Masinter Larry <masinter@parc.xerox.com>
Cc: "'URI'" <uri@bunyip.com>
Subject: Re: URN Resolution Security and Privacy Issues
Date: Tue, 11 Jul 95 06:55:00 PDT
Message-Id: <300281AD@MSMAIL.INDY.TCE.COM>


>Should your set of security issues be folded into
>draft-ietf-uri-urn-issues-00.txt?

Yes, I think it should.  (I'll need some guidance on what to do to help, as 
I have never done this before!)

It would be very shortsighted of this group to not address how Internet 
traffic patterns will change in the future.  I can see where much data and 
traffic would continue to be unencrypted and basically available to all and 
sundry (the current situation).  For that case, the only security 
consideration might be authentication.  However, there will be some subset 
of traffic that is designed to be opaque to everyone but the sender and 
receiver; not just military and intelligence folks, but buyers and sellers 
in the upcoming electronic markets of the Internet, as well as people who, 
for whatever reason, do not wish everyone to know their business.  As 
significant intelligence could be gleaned from examination of a URN/URL 
resolution, there should be provisions made for this resolution to be 
opaque.
======================================================================
Mark Fisher                            Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN