- From: <noah_mendelsohn@us.ibm.com>
- Date: Fri, 5 Dec 2003 10:44:51 -0500
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: Tim Bray <tbray@textuality.com>, Tim Berners-Lee <timbl@w3.org>, "'www-tag@w3.org'" <www-tag@w3.org>
FWIW, when and if the TAG does decide to tackle the https issue I think it would be worth a brief cross reference to the metadata in URI discussion, and the whole URI opacity question. For knowledgeable users, seeing in advance that a URI uses https is at least a strong hint that communication will be at least somewhat secure against certain attacks. By the way, I tend to agree with Roy's position on the underlying issue, and I don't think that sticking with a scheme-based approach contradicts anything the tag has said in the metadata in URI discussion. I'm merely suggesting that, as you resolve the https: question now or in the future, it would be worth clarifying the senses in which the URI is opaque vs. transparent, and explaining that it is appropriate to some extent for a human or machine user of the resource to infer security characteristics by inspection of the URI. -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 --------------------------------------
Received on Friday, 5 December 2003 10:52:38 UTC