W3C home > Mailing lists > Public > www-tag@w3.org > March 2012

Re: http+aes URI scheme

From: Noah Mendelsohn <nrm@arcanedomain.com>
Date: Thu, 08 Mar 2012 12:50:26 -0500
Message-ID: <4F58F162.30500@arcanedomain.com>
To: Jonathan A Rees <rees@mumble.net>
CC: "www-tag@w3.org" <www-tag@w3.org>


On 3/8/2012 11:53 AM, Jonathan A Rees wrote:
> This idea should be cross-referenced with the thread that began here
>
> http://lists.w3.org/Archives/Public/www-tag/2009Dec/0122.html
>
> which never got resolved (basically whether 'secret URIs' are good practice
> vs. bad practice).

I was thinking exactly the same thing, but hadn't taken the trouble to dig 
up the old thread.

FWIW: I remain in the camp that chooses to believe that, except perhaps in 
very specific cases, asking user agents and network systems to protect (for 
whatever definition of "protect") either Request-URIs or hrefs found in 
links is probably a mistake. If it had been spelled out as a requirement on 
day 1, well maybe, but we have a lot of software already deployed that 
deals with Request-URIs, traffic logs, pages, with links, etc., and it 
seems late to be stating new requirements on managing those things securely.

Noah
Received on Thursday, 8 March 2012 17:50:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:43 UTC