On Wed, Dec 27, 2000 at 07:10:11PM -0600, Mark J. Roberts wrote:
> On Wed, 27 Dec 2000, Scott Gregory Miller wrote:
> >
> > On Wed, 27 Dec 2000, Mark J. Roberts wrote:
> >
> > > On Wed, 27 Dec 2000, Scott Gregory Miller wrote:
> > >
> > > > I'd actually prefer forcing a mapfile to exist in an SVK subspace in order
> > > > to eliminate nesting a key in a key. Thats just ugly in my opinion. The
> > > > advantage to MSK@pubkey,mapname//document was that both mapname and
> > > > document are SSK documents residing under a common SVK public key. In
> > > > other workds, it was a way of defining two keys under one URI without
> > > > nasty embedding.
> > >
> > > And as I've said five times before, that also forbids guessable keys that
> > > have paths that work correctly. What users prefer is often not what
> > > programmers prefer. And users want simple guessable keys with no catches.
> > Thats why we have KSKs.
>
> No, it's not that simple, you can't just redirect from a KSK to a MSK. For
> one, it'll confuse the browser, and the links won't work. Among other
> reasons.
(I could be misunderstanding you here.)
But KSKs are inherently insecure and should be avoided when not absolutely
necessary. If you do have a "map" file like you suggested, then it should
never be located directly under a KSK but rather under a secure key type
(to which KSKs can be redirected). Since the map file would form the core
document of the site, it is absolutely imperative that it resides within a
secure key so that people can bookmark the site and be sure they are
returning to the same place.
The clients will just have to be smarter (capable of carrying the
mapping name over a redirect if necessary), and links must, like
bookmarks, be to a secure key all the same.
Like so often with security, inexperienced users will be likely to slack
on this if given the option, but in fact they DO want to be sure that what
they are linking or returning to is actually what they left.
>
>
> --
> Mark Roberts
> [EMAIL PROTECTED]
>
>
> _______________________________________________
> Freenet-dev mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev
--
'DeCSS would be fine. Where is it?'
'Here,' Montag touched his head.
'Ah,' Granger smiled and nodded.
Oskar Sandberg
[EMAIL PROTECTED]
_______________________________________________
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
