[cosmo-dev] How unique are tickets? (more on security hole options)

Grant Baillie grant at osafoundation.org
Wed Feb 20 16:04:43 PST 2008


One thing I was realizing as I was implementing the ticket-generating  
code for the Desktop is that it's easiest to generate the tickets for
all shares an item is part of, regardless of which server the item is  
shared on.

Are ticket-ids uniqued enough that this is OK? Also, are there  
security implications ("leaking" tickets to other servers, I guess) I  
should worry about?

It's certainly possible to try to generate tickets for only the server  
we're dealing with, although in practice instances may be shared by  
different server URLs, a well-known case in point being just http: vs  
https: on the Hub. So, I'm somewhat reluctant to go add a bunch of  
logic that may well be broken anyway.

--Grant


