Bullard, Claude L (Len) wrote:
> Tim Bray assured us on the www-tag list that
> the namespace URL/URI in no way is a security issue
> and cited his experience with security agencies
> of the US Government. I gotta believe they
> thought about this. In effect, the protocol
> designer has to specify what is to be done
> via automagic dereferencing as URIs are always
> dereferenceable.
I don't believe this for a second and hope I didn't say that. Should
something like RDDL take off it would provide a convenient place for
black-hats to point to subversive code that does nasty stuff.

Note that dereferencing a URI via GET is in principle and as far as I
can tell in practice safe, assuming you protect against infinitely-large
resource representations. Acting on the data you get carries risk that
is in principle and in practice unbounded and requires all sorts of
trust infrastructure.

-Tim
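
The size guard that the reply above assumes for a safe GET, as an added example that is not part of the original post: it caps the bytes actually received and hands them back as inert data, with nothing parsed or executed. The names `read_bounded`, `fetch_bounded`, `ResourceTooLarge` and `EndlessStream`, the 1 MiB default and the http(s)-only scheme check are assumptions made for this illustration.

```python
import urllib.request
from urllib.parse import urlsplit


class ResourceTooLarge(Exception):
    """Raised when a representation exceeds the caller's byte budget."""


def read_bounded(stream, max_bytes, chunk_size=8192):
    """Read at most max_bytes from stream; raise instead of buffering more.

    The cap is enforced on bytes actually received, never on a declared
    Content-Length, because the sender controls that header.
    """
    buf = bytearray()
    while True:
        # Request at most one byte past the budget, so an endless
        # representation is detected without reading any further.
        want = min(chunk_size, max_bytes - len(buf) + 1)
        chunk = stream.read(want)
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > max_bytes:
            raise ResourceTooLarge(f"more than {max_bytes} bytes received")


def fetch_bounded(url, max_bytes=1 << 20, timeout=10):
    """GET url and return its bytes as data only; the caller decides
    separately, under its own trust rules, whether to act on them."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("only http(s) URIs are dereferenced")
    # timeout applies to each socket operation, not to the whole transfer.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return read_bounded(resp, max_bytes)


class EndlessStream:
    """Constructed test input: a representation that never ends."""

    def read(self, n=-1):
        return b"A" * (n if n > 0 else 8192)


if __name__ == "__main__":
    try:
        read_bounded(EndlessStream(), 1024)
    except ResourceTooLarge as exc:
        print("stopped:", exc)
```
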