- From: Dan Connolly <connolly@w3.org>
- Date: Thu, 11 Feb 2010 13:52:31 -0600
- To: Larry Masinter <masinter@adobe.com>
- Cc: Tyler Close <tyler.close@gmail.com>, Tim Berners-Lee <timbl@w3.org>, John Kemp <john@jkemp.net>, "ashok.malhotra@oracle.com" <ashok.malhotra@oracle.com>, Jonathan Rees <jar@creativecommons.org>, "www-tag@w3.org" <www-tag@w3.org>, "Mark S. Miller" <erights@google.com>
On Wed, 2010-02-10 at 15:05 -0800, Larry Masinter wrote: > > A user-agent > > MUST NOT disclose representations or URIs, unless either explicitly > > instructed to do so by the user or as legitimately directed to by > > presented content. Since the user may wish to keep this information > > confidential, the user-agent must not assume it can be revealed to > > third-parties. > > While I'm sympathetic to the intent, this leaves undefined > the scope of "user agent" here, referent of "the user", > and the meanings of "disclose", "legitimately", "confidential", > "assume" and "third-parties". Those are all sufficiently well-defined for me. > Does "user agent" apply to, > say, archive.org (which might pick up a mailing list archive > of an email and scan what is supposed to be a 'private' > URL)? Yes; if the URI was supposed to be private, someone made a mistake in putting it somewhere that archive.org can get at it. > Does it apply to, say, news.google.com, which seems > to aggregate news from newspapers that have a "news reader" > registration and login requirements? Yes, "legitimately directed" is a term of art that is ground in normal social conventions; in this case, the normal social conventions aren't clear (the parties are suing each other) so we shouldn't be surprised that the term of art doesn't have a clear referent. > I don't think this is an effective path to pursue. There are > agents that use URIs, including browsers, crawlers, scanners, > aggregators, portals, bookmark sharing tools, translation > gateways, Internet Archive services. These agents, for better > or worse, have widely varying properties where information > retrieved by them is distributed further, including using > Referer, publishing access logs, peer sharing of cached > retrieved results, etc. Many of those deployed web agents > make the presumption that any material they access without > going through any particular access control mechanism may > be shared further without particular restriction, I don't believe that. On the contrary: the presumption is that the content provider has copyright and very limited rights are granted; in particular, right to redistribute/republish is not assumed. > although > in practice the distribution that happens is not widespread, > there are no guarantees. > > While "secret URLs" provide the appearance of adding some > amount of confidentiality to the results, in fact, there > are many circumstances where such URLs are disclosed, > by agents that are not browsers and whose update to follow > recommendations in _this_ document is unlikely. I find this claim hard to believe; if there are many agents that go spreading links around without being legitimately directed by their user, would you please give an example or two? > A false sense of security is worse than no security, > in many circumstances. > > If users wish to make material available to "anyone who > has the URL", that's fine, but don't make any promises > that this is a "security" mechanism, because it's not. Argument by assertion, in the face of tremendous evidence to the contrary. I'm not persuaded. > There is a kind of "security" I've heard called "yellow > ribbon security", which functions like the "yellow ribbon" > banner sometimes put up: > > "POLICE LINE DO NOT CROSS". > > Now, the yellow ribbon doesn't actually prevent anyone > from crossing it, it just puts the crosser on notice > that they are actually crossing a line someone (perhaps > even the police) do not want them to cross. > > It *might* be possible to make secret URLs into a > "yellow ribbon" security mechanism, if, for example, > the "unguessable" part of the URL were clearly > unguessable. (Random jumble of letters rather than, > say, random quotes from literature, which might not > look random.) What has that got to do with anything? The word "unguessable" is quite clear; we could slot in the actual information-theoretic definition, but I think it's quite clear from context. > Larry > -- > http://larry.masinter.net > > > > -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Thursday, 11 February 2010 19:52:34 UTC