what if, instead of using both a machine-generated, unmemorable ticket
AND a user-generated, memorable password, we simply let the sharer
choose the ticket string if he wants, letting the server generate a
random one as it does today if the sharer doesn't care?
While I agree that using both a password and a ticket seems like the
wrong thing to do, the ticket spec (http://www.sharemation.com/
~milele/public/dav/draft-ito-dav-ticket-00.txt) states:
1.2 Ticket ID Scheme
The only condition imposed on ticket IDs is that the ticket ID MUST
be unique on a resource at any given time. However, since the ticket
ID is used as proof that a principal is in possession of the ticket,
a server SHOULD select a ticket ID scheme such that it would be
sufficiently difficult for an adversary in a way to guess or predict
a ticket ID.
Another point that we are not considering is that Tickets can be
limited on how long they are valid and how many uses they allow.
This may allow for people that are concerned with others passing
along there URL with the ticket enclosed to put a shorter timeout on
the ticket, or possibly only issue 1 time use tickets (Limited use
tickets are currently not supported by cosmo).
-Ed
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design
