[cap-talk] Capabilities vs. identity/acl - the rub, rub, rub

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Wed Nov 22 07:25:58 CST 2006


Jed at Webstart wrote:
> Have you ever actually received a capability in an email?
> By "actually" I mean a permission to access something that
> wasn't assumed to be accessible by the whole world?

Yes. I've had more than one supplier send me URLs that included an
unguessable string, to allow me to download information that was under
NDA.

(They were http URLs, and the email was not signed or encrypted, so this
was insecure against interception and spoofing, but the lacklustre adoption
of https and secure email is a separate issue to the one you're trying to
discuss here, I think.)

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>


