On Mon, Feb 23, 2009 at 10:13 AM, Breno de Medeiros <br...@google.com> wrote: > Every application _will_ need to use different processing rules, because, > well, they are interested in different things.
Applications will be interested in different facts in the host-meta store, but why should they use different procedures for obtaining the host-meta store? They might as well use different stores entirely. > What is the attack model here? I assume is the following: The attacker > compromises the server to serve a re-direct when there should be a file > served (or a 404). Well, the attacker can't upload a host-meta with what it > wants in it? Why? Often users can add redirects to a server without the ability to upload content to that serve. For example, tinyurl.com/host-meta now redirects to a URL I control even though I have no ability to upload content to tinyurl.com. Why should I be able to set host-meta properties for tinyurl.com? > Perhaps that argument would be more convincing when you provide an example > of an attack made possibly by introduction of a redirect that would not be > possible by, say, adding a line to the host-meta file. Ok. I own tinyurl.com's host-meta store because of redirects. Without redirects, I don't know how to own their host-meta store. Adam
