[
Lists Home |
Date Index |
Thread Index
]
Bullard, Claude L (Len) wrote,
> Tim Bray assured us on the www-tag list that the namespace UR:/URI in
> no way is a security issue and cited his experience with security
> agencies of the US Government. I gotta believe they thought about
> this.
Why?
OK, maybe US government security agencies have, but what about everyone
else?
> In effect, the protocol designer has to specify what is to be done
> via automagic dereferencing as URIs are always dereferenceable.
Right, but protocols with security flaws aren't exactly unknown. And
even if the protocol nails everything down precisely, there are buggy
implementations. And even if an implementation is perfect, it's
environment might not be ... a teensy bit of DNS cache poisioning can
turn a harmless seeming URI into a dangerous one.
Cheers,
Miles
|