[cap-talk] YURLs. What is the model of development?

David Wagner daw at cs.berkeley.edu
Sat Nov 26 04:58:03 EST 2005


coderman <coderman at gmail.com> writes:
>On 11/25/05, David Wagner <daw at cs.berkeley.edu> wrote:
>> if humans ever see
>> YURLs, then it is very easy to imagine that humans might occasionally
>> leak those YURLs to others without intending the consequences that follow.
>> Do you have any thoughts on the best way to deal with this risk?
>
>when dealing with such identifiers in a user interface they should be
>aliased with a pet name; they are meaningless to human brains. a pet
>name in this instance could be embodied as a bookmark, a hyperlink,
>etc.

Petnames are plausible for frequently visited sites.  I can see
having a petname for cnn.com.  But petnames for one-time URLs don't
seem very attractive, from a usability standpoint.  If my friend
forwards me a link in email, do I have to set up a petname before I
can follow it?  Doesn't sound very attractive.  Then, there's also
the issue of how I forward a link to a friend.  Let's say I visit a
site I really like and I want to send a link to my friend (but without
giving away my authentication tokens, obviously).  I'm not quite sure
how one would go about supporting this kind of use case in a flexible,
general fashion.  Right now I just click on a link and copy the URL
into the clipboard, but doing that with YURLs would risk unwanted
leakage of capabilities.

>you can't prevent malicious users from intentionally exposing secret
>YURLs but you can make it very difficult to disclose a secret YURL by
>accident.

Right.  Preventing accidental disclosure of YURLs is the problem I'd
like to learn how to solve.  Can it be done without harming usability?

