[cap-talk] YURLs. What is the model of development?

David Wagner daw at cs.berkeley.edu
Sat Nov 26 04:58:03 EST 2005

coderman <coderman at gmail.com> writes:
>On 11/25/05, David Wagner <daw at cs.berkeley.edu> wrote:
>> if humans ever see
>> YURLs, then it is very easy to imagine that humans might occasionally
>> leak those YURLs to others without intending the consequences that follow.
>> Do you have any thoughts on the best way to deal with this risk?
>when dealing with such identifiers in a user interface they should be
>aliased with a pet name; they are meaningless to human brains. a pet
>name in this instance could be embodied as a bookmark, a hyperlink,

Petnames are plausible for frequently visited sites.  I can see
having a petname for cnn.com.  But petnames for one-time URLs don't
seem very attractive, from a usability stand point.  If my friend
forwards me a link in email, do I have to set up a petname before I
can follow it?  Doesn't sound very attractive.  Then, there's also
the issue of how I forward a link to a friend.  Let's say I visit a
site I really like and I want to send a link to my friend (but without
giving away my authentication tokens, obviously).  I'm not quite sure
how one would go about supporting this kind of use case in a flexible,
general fashion.  Right now I just click on a link and copy the URL
into the clipboard, but doing that with YURLs would risk unwanted
leakage of capabilities.

>you can't prevent malicious users from intentionally exposing secret
>YURL's but you can make it very difficult to disclose a secret YURL by

Right.  Preventing accidental disclosure of YURLs is the problem I'd
like to learn how to solve.  Can it be done without harming usability?

More information about the cap-talk mailing list