At 8:02 AM -0500 1/7/04, Rich Salz wrote:
>I know. I was merely pointing out that REST lets the lower layers
>do things that it won't. Such as maintaining state on both sides
>of the connection which is (all together now) a requirement for good
>security.

It is not at all unreasonable for different layers of the network
stack to be allowed to do different things. Indeed they should.
Separation and non-duplication of concerns is a good general
principle of network design.

I think you've demonstrated that there are some minor issues with
security in the REST model over unencrypted HTTP, given current HTTP
authentication schemes. You have not demonstrated that it is a
fundamental principle that maintaining state on both sides of a
connection is a requirement for good security. At most, you have
shown that given current public key encryption algorithms and
available hardware, it is inefficient not to maintain some state on
both sides of the connection. However, given that faster hardware is
a near certainty and faster algorithms are far from inconceivable, I
certainly don't accept this as a fundamental principle.

In fact, I would go so far as to argue the opposite. The ideal case
is that the key be changed for each and every transaction. This is
computationally infeasible today. It may not be tomorrow. Maintaining
state and using the same key more than once is a necessary compromise
given the limitations of today's hardware and algorithms, just as
exchanging the encrypted password with each transaction as done in
digest authentication is a necessary and useful compromise between
the benefits of REST and the principles of good security.
--
Elliotte Rusty Harold
elharo@metalab.unc.edu
Effective XML (Addison-Wesley, 2003)
http://www.cafeconleche.org/books/effectivexml
http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA