Re: http+aes URI scheme

On 3/8/2012 11:53 AM, Jonathan A Rees wrote:
> This idea should be cross-referenced with the thread that began here
> which never got resolved (basically whether 'secret URIs' are good practice
> vs. bad practice).

I was thinking exactly the same thing, but hadn't taken the trouble to dig 
up the old thread.

FWIW: I remain in the camp that chooses to believe that, except perhaps in 
very specific cases, asking user agents and network systems to protect (for 
whatever definition of "protect") either Request-URIs or hrefs found in 
links is probably a mistake. If it had been spelled out as a requirement on 
day 1, well maybe, but we have a lot of software already deployed that 
deals with Request-URIs, traffic logs, pages, with links, etc., and it 
seems late to be stating new requirements on managing those things securely.


Received on Thursday, 8 March 2012 17:50:53 UTC