[tahoe-dev] Bringing Tahoe ideas to HTTP
James A. Donald
jamesd at echeque.com
Wed Sep 2 03:00:21 UTC 2009
Fuzzy Hoodie-Monster wrote:
> I still say making names be secrets is a losing strategy. Especially
> if they are actually URLs in actual web pages. Having sensitive
> information in URLs is a bug.
The idea of secret names, names with power, is not that hard to grasp,
and is a very useful tool.
There is a problem in that browsers are designed on the assumption that
names can never be secret, can never have power.
If your secret document with a secret name has links to someone else's
server, and someone clicks on such a link, your browser will send out
the secret name, and the log files on that server will give out your
secret name.
This, however, should not stop us from going right ahead with secret
names, names with power.
More information about the tahoe-dev
mailing list