On Monday 11 February 2002 04:16 pm, Simon St.Laurent wrote:
> On Mon, 2002-02-11 at 13:44, Paul Prescod wrote:
> > Every message should result in a new URI. The URI represents the
> > current state of the transaction. You point to the last URI you
> > got.
>
> That's sort of vaguely usable, though I don't think I'd want to
> implement anything deeply recursive on that.

Actually, the above is bogus because the URI has gone from being
opaque to encoding application state (to those that understand the
application) and you may or may not wish to disclose that to an
intermediary.

> Sure. And if someone else comes along and changes the state out
> from under your label, how much good is your label?

Which is what a malicious intermediary can do. As soon as you use SSL,
visibility is gone...