----- Forwarded message from Nick Lothian <[EMAIL PROTECTED]> -----

From: Nick Lothian <[EMAIL PROTECTED]>
Date: Tue, 27 Sep 2005 11:05:31 +0930
To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Subject: RE: [p2p-hackers] Re: [rest-discuss] Re: RESTful authorization
Reply-To: "Peer-to-peer development." <[EMAIL PROTECTED]>

>
> p2p-hackers, meet rest-discuss. rest-discuss, I'd like to
> introduce you to p2p-hackers.
>
> RESTafarians: there is a long-running conversation on
> p2p-hackers about friendnets, also known as darknets, small
> world networks, and F2F networks; also capabilities security,
> sometimes known as smart contracts. An example thread begins
> at http://zgp.org/pipermail/p2p-hackers/2005-August/002915.html
>
> p2p-hackers: Tyler Close' method for HTTP access control
> using nothing but unguessable (and secret) URIs came up on
> REST-discuss. That thread begins at
> http://groups.yahoo.com/group/rest-discuss/message/5228 In
> the context of friendnets, Tyler's scheme is a beautifully
> simple way of controlling access using nothing but low-tech
> means. Not only does it limit access to trusted parties, it
> also allows for transitive relationships. (Warning: his
> scheme is counterintuitive, since the dependence on secret
> URLs smells like security through obscurity).
>

Interesting idea. It may not be security via obscurity, but it does
appear to ignore a number of practical considerations.

For instance, what about the secret URL being passed on in referrer
headers to other pages? I think some browsers block it when you go from
a secure page to a non-secure page on another site (although I'm unsure
about that).

The argument that users shouldn't put links to on a secured page is more
surprising than the things it is trying to avoid (to me anyway).

OTOH, all browsers block HTTP authentication credentials from being
passed in the referrer header.

Nick
_______________________________________________
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
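
The referrer concern raised in the forwarded message, as an added example that is not part of the original thread: a small Python model of which cross-site navigations would hand a secret URL to another origin in the Referer header. The host names, the token and the function names are constructed for illustration, and the `Referrer-Policy` values shown are the modern response-header mitigation, which postdates this 2005 discussion.

```python
from urllib.parse import urlsplit, urlunsplit

def origin(url):
    """(scheme, host, port) triple used to compare origins."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port)

def referer_sent(page_url, link_url, policy="no-referrer-when-downgrade"):
    """Referer value a browser would attach when following link_url from page_url."""
    src, dst = urlsplit(page_url), urlsplit(link_url)
    if src.scheme not in ("http", "https") or policy == "no-referrer":
        return None
    # Long-standing browser default: drop Referer on an HTTPS -> HTTP downgrade.
    if policy == "no-referrer-when-downgrade" and (src.scheme, dst.scheme) == ("https", "http"):
        return None
    if policy == "same-origin" and origin(page_url) != origin(link_url):
        return None
    # Browsers strip userinfo (user:pass@) and the fragment before sending.
    host = src.hostname if src.port is None else f"{src.hostname}:{src.port}"
    return urlunsplit((src.scheme, host, src.path, src.query, ""))

def leaks_secret(page_url, link_url, secret, policy="no-referrer-when-downgrade"):
    """True if a different origin would receive the secret inside Referer."""
    ref = referer_sent(page_url, link_url, policy)
    return ref is not None and origin(page_url) != origin(link_url) and secret in ref

# Constructed sample data: an unguessable-URL page that links to other sites.
SECRET = "k3Jq9ZpX7vTn2LmB"
PAGE = f"https://user:pw@files.example/cap/{SECRET}/index.html#top"

if __name__ == "__main__":
    cases = [
        ("https://other.example/", "no-referrer-when-downgrade"),
        ("http://other.example/", "no-referrer-when-downgrade"),
        ("https://other.example/", "same-origin"),
        ("https://other.example/", "no-referrer"),
        ("https://files.example/next", "same-origin"),
    ]
    for link, policy in cases:
        print(f"{policy:28} -> {link:28} leak={leaks_secret(PAGE, link, SECRET, policy)}")
```

With the default policy only the HTTPS-to-HTTP hop is protected; an HTTPS link to another site still carries the full secret path, which is why a page served from such a URL needs `same-origin` or `no-referrer` set explicitly.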