[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Considerations for Link Extensions

To: James Snell <jasnell@xxxxxxxxx>
Subject: Re: Security Considerations for Link Extensions
From: Colm Divilly <colm.divilly@xxxxxxxxxx>
Date: Tue, 25 May 2010 21:25:43 +0100
Cc: Atom Syntax <atom-syntax@xxxxxxx>
In-reply-to: <AANLkTiniIyKUkBxoGHYZaliI0MWB8p-cWbGTkOHbu23O@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/atom-syntax/mail-archive/>
List-id: <atom-syntax.imc.org>
List-unsubscribe: <mailto:atom-syntax-request@imc.org?body=unsubscribe>
References: <AANLkTiniIyKUkBxoGHYZaliI0MWB8p-cWbGTkOHbu23O@xxxxxxxxxxxxxx>
Sender: owner-atom-syntax@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (X11/20100411)


James Snell wrote:

Ok, so I'm working on finishing up the basic link extensions draft.
The Security Considerations are currently TBD. I wanted to take a
moment to solicit input on appropriate security considerations for
these optional, advisory extension attributes.

One in particular... hash digest are often used as a simple means of
verifying that data has not been modified while in transit.. hash
digests contained within an atom:link cannot be used for that purpose.
Rather, the hash attribute is used to express the state of the linked
resource at a given point in time so that a feed consumer can detect
whether or not the resource has been modified since the link was
created.

That sounds more like an Entity Tag (which are often but not alwaysgenerated using hashes), so do we really mean an Entity Tag or isthere a reason to restrict this to just using hashes ?

Other than that, there really shouldn't be any further security
concerns with regards to the link extensions.. but I welcome being
corrected on that :-) Thoughts?

References:
- Security Considerations for Link Extensions
  - From: James Snell

Prev by Date: Re: Security Considerations for Link Extensions
Previous by thread: Re: Security Considerations for Link Extensions
Index(es):
- Date
- Thread