On 2/19/14 22:32, Martin Thomson wrote:
> I think that you need to consider confidentiality here as well. It might be desirable to have the addressing information concealed. That implies a mechanism like: http://tools.ietf.org/html/draft-rescorla-stateless-tokens
You'll note that I employ pretty much that technique exactly, modulo the encryption (which I call out in the final paragraph as "not in this version, but probably desirable for the next", and which the draft concedes is optional) and the use of bitmasks and bloom filters for invalidation (since revocation is expected to be exceedingly rare).
> That leads to the next concern, which is that committing to a URI format is not wise in general because that can dictate server architecture. If you do as you describe (s/http/https), then loop.services.mozilla.com is it. You can't hand out tokens that reference a specific deployment or server, you can't move stuff without paying redirect or proxying costs.
Apparently, I was not sufficiently clear. I was not describing client behavior in any way whatsoever. I was describing server behavior. The intention here is exactly that the client asks for a full URL, and the server provides one. The client is in no way involved in synthesis of the URL.
--
Adam Roach
Principal Platform Engineer
[email protected]
+1 650 903 0800 x863
_______________________________________________
dev-media mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-media
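Added example, not part of the original message or of the Loop server code: a sketch of the pattern discussed in this thread, where the server builds the whole URL around a MAC-protected stateless token (no encryption, so the payload stays readable) and handles rare revocations with a Bloom filter held as a bitmask. The token layout, field names, key, host and filter size are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"            # assumption: secret known only to the server
BASE_URL = "https://loop.example.invalid/c/"    # placeholder host, not from the thread
BLOOM_BITS = 1024                               # constructed filter size
revoked_bits = 0                                # Bloom filter stored as an integer bitmask

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _positions(token_id: str):
    digest = hashlib.sha256(token_id.encode()).digest()
    # three bit positions taken from separate 4-byte slices of one digest
    return [int.from_bytes(digest[i:i + 4], "big") % BLOOM_BITS for i in (0, 4, 8)]

def issue_url(user: str, token_id: str, ttl: int = 3600, now=None) -> str:
    """Server side: return the complete URL; the client never assembles it."""
    now = time.time() if now is None else now
    payload = json.dumps({"u": user, "id": token_id, "exp": int(now) + ttl}).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return BASE_URL + _b64(payload) + "." + _b64(tag)

def revoke(token_id: str) -> None:
    global revoked_bits
    for pos in _positions(token_id):
        revoked_bits |= 1 << pos

def validate(url: str, now=None):
    """Return the claims if the token is authentic, unexpired and not revoked, else None."""
    now = time.time() if now is None else now
    if not url.startswith(BASE_URL):
        return None
    try:
        body, tag = url[len(BASE_URL):].split(".")
        payload, mac = _unb64(body), _unb64(tag)
    except ValueError:                           # wrong part count or bad base64
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    claims = json.loads(payload)                 # parsed only after the MAC checks out
    # Bloom lookups never miss a revoked id but can, rarely, reject a live one
    if claims["exp"] < now or all((revoked_bits >> p) & 1 for p in _positions(claims["id"])):
        return None
    return claims

def peek(url: str):  # what any holder of the URL can read without the key
    return json.loads(_unb64(url[len(BASE_URL):].split(".")[0]))
```

`peek` needs no key, which is the confidentiality gap raised in the quoted text: a MAC stops tampering but does not hide the addressing information carried in the token.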

