- From: <noah_mendelsohn@us.ibm.com>
- Date: Mon, 8 Feb 2010 14:43:05 -0500
- To: Dan Connolly <connolly@w3.org>
- Cc: ashok.malhotra@oracle.com, "Mark S. Miller" <erights@google.com>, Jonathan Rees <jar@creativecommons.org>, Larry Masinter <masinter@adobe.com>, Tyler Close <tyler.close@gmail.com>, "www-tag@w3.org" <www-tag@w3.org>, www-tag-request@w3.org
Dan Connolly wrote:

> The unguessable URI pattern can be made about as secure as you
> like; in particular, as secure or more secure than passwords+cookies.

Dan, could you clarify? It seems to me that the usage patterns for cookies, and for passwords+cookies, are so much different than the general case for URIs. Realistically, cookies don't get written on the sides of buses. At least sometimes, URIs do. More to the point, URIs wind up in email logs, address bars, are sent to anti-phishing services, etc.

As Larry pointed out rather eloquently, I don't think we can usually talk about something being "more secure" or "less secure" without bounding the range of use cases, the range of threats or information leakage modes that are a concern, etc. Maybe if you clarify the scenarios you have in mind, it will be easier to understand your claim.

Thank you.

Noah

--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Dan Connolly <connolly@w3.org>
Sent by: www-tag-request@w3.org
02/08/2010 10:32 AM

To: ashok.malhotra@oracle.com
cc: Larry Masinter <masinter@adobe.com>, Jonathan Rees <jar@creativecommons.org>, Tyler Close <tyler.close@gmail.com>, "www-tag@w3.org" <www-tag@w3.org>, "Mark S. Miller" <erights@google.com>, (bcc: Noah Mendelsohn/Cambridge/IBM)
Subject: Re: ACTION-278 Hiding metadata for security reasons

On Sun, 2010-02-07 at 14:50 -0800, ashok malhotra wrote:

> Hi Larry:
> This is useful.
> Non-public URIs provide a weak level of security that is held to be
> adequate for some use cases.
> I wonder if there is disagreement with the above statement.

I disagree. The unguessable URI pattern can be made about as secure as you like; in particular, as secure or more secure than passwords+cookies.

--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Monday, 8 February 2010 19:40:52 UTC