I didn't merge, I just opened the PR so that we could have the discussion. On Sat, Oct 6, 2018, 17:44 Salz, Rich <rs...@akamai.com> wrote:
> The fact that there were open concerns does not mean that PR455 was wrong. > > > > Please undo the revert that was part of PR458. > > > > EVERYONE. Stop merging. Discuss on the list. > > > > *From: *Richard Barnes <r...@ipv.sx> > *Date: *Saturday, October 6, 2018 at 5:38 PM > *To: *"acme@ietf.org" <acme@ietf.org> > *Subject: *[Acme] Randomizing URLs in examples > > > > I have opened a PR reverting Jacob's reversion of the #455 > > > > https://github.com/ietf-wg-acme/acme/pull/460 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ietf-2Dwg-2Dacme_acme_pull_460&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=BVuDxcfZ6gqvMhTwPx5_IBrSGYyRDKXFz44zpUDqYzk&s=-UB6HkBx9D0IC9vVtH33vUa91KYUENpYQ8Ngn63FQfo&e=> > > > > The randomization of examples is independent of whether you think GETs are > a good idea or not. As noted in the Security Considerations, having > different types of resources in different namespaces, with unpredictable > URLs, prevents attackers from discovering correlations if, say, a URL leaks. > > > > Any objections to this change? > > > > --Richard >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme