[cap-talk] Webkeys vs. the web

Karp, Alan H alan.karp at hp.com
Tue Mar 31 16:59:01 EDT 2009

Chip Morningstar wrote:
> >
> >That observation may lead to the solution to Chip's problem.  If what appears
> >on a page can be tied to the path used to reach it, it should be safe to put
> >on a page a link to any page that the user traversed on the path to that page.
> That's true as long as the user has traversed through a chain of non- public
> links to a page with an unguessable URL.  However, the particular problem I was
> posing had to do with the transition from a page whose URL could be expected to
> be known.
That's why I said "path to that page" and not "previous page."  I wasn't thinking about how to implement it (Nothing is impossible for the person who doesn't have to do it.), but perhaps a session cookie that's updated to keep a running hash on each page transition on the site would work.

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029

More information about the cap-talk mailing list