The fact that there were open concerns does not mean that PR455 was wrong.

Please undo the revert that was part of PR458.

EVERYONE.  Stop merging.  Discuss on the list.

From: Richard Barnes <[email protected]>
Date: Saturday, October 6, 2018 at 5:38 PM
To: "[email protected]" <[email protected]>
Subject: [Acme] Randomizing URLs in examples

I have opened a PR reverting Jacob's reversion of the #455

https://github.com/ietf-wg-acme/acme/pull/460

The randomization of examples is independent of whether you think GETs are a 
good idea or not.  As noted in the Security Considerations, having different 
types of resources in different namespaces, with unpredictable URLs, prevents 
attackers from discovering correlations if, say, a URL leaks.

Any objections to this change?

--Richard
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
