Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:


Hi Sam,

On 06/09/2012 01:43 AM, Sam Hartman wrote:
> Add me as a +1 for the idea that content-type is important for this.
> I tend to agree with the arguments given so far. Namely, for some
> important use cases you're going to want to know the content type and
> guessing is really a bad idea.

Thusly counted:-)

> 
> That said, there are security considerations associated with specifying
> a content type too. I'm particularly imagining a situation where some
> sort of deep inspection security appliance uses a different procedure
> for deciding what kind of foo it is than the ultimate application. One
> guesses based on byte stream another looks at a content type. This is
> well known; it's not new; it's probably even so documented that any
> reasonably current set of MIME security considerations already includes
> a reference.

My only real concern with adding this is the issue of complexity
related to c14n of input to the hash function. While CMS does (I
think) define that well, imposing that burden on anyone that might
want to write code that validates name-data integrity is an issue.
Anyway, if we want to add it we'll look that over and figure how
it might best be done.

> I agree that your draft does not use the authority portion of a URI
> consistent with section 3.2 of RFC 3986. 

I honestly don't get that. I think we are "consistent" with 3986
(there being no MUST/SHOULD with which we're in conflict afaik)
but the authority field here is not identical to that for HTTP
URLs. And that's ok.

> The authority separates the
> namespace exactly the way it doesn't in your scheme. 

Yes there are differences and maybe we ought to try to describe that
somehow.

> It's a naming
> hierarchy. My main concern is whether the relative reference algorithm
> described in section 5/4.2 of RFC 3986. In particular take a look at the
> last part of section 1.2 of RFC 3986 regarding the disallowing of
> /. Consider how you want relative references in an HTML document
> resolved through a ni: URI to work. I don't think your use of authority
> provides good results. However I'm not sure that better results would be
> achieved without hierarchy. I hope though that these comments will help
> inject some ways of reasoning about authority that are less mystical and
> that lead to more practical discussion.

Thanks.

I think your comment about relative URIs is fair and we maybe ought
to say there are no such things for ni URIs. (Or however that kind of
thing is stated best).

I guess a sentence or two about relative URIs would be worthwhile
and I'll ponder that.

S.
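
The relative-reference concern discussed in this thread, worked through as an added example (not code from the thread or from the ni draft): a strict RFC 3986 section 5.2 resolver applied to a constructed ni base name. The `ni://authority/alg;digest` layout, the `example.com` authority and the `BASEDIGEST` placeholder are assumptions made for illustration.

```python
import re

# RFC 3986 Appendix B splitter; a group that is None means "component undefined".
URI_RE = re.compile(r"^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?$")

def remove_dot_segments(path):  # RFC 3986 section 5.2.4
    out = []
    while path:
        if path.startswith(("../", "./")):
            path = path[path.index("/") + 1:]
        elif path.startswith("/./") or path == "/.":
            path = "/" + path[3:]
        elif path.startswith("/../") or path == "/..":
            path = "/" + path[4:]
            del out[-1:]  # drop the previous segment, if any
        elif path in (".", ".."):
            path = ""
        else:
            seg = re.match(r"/?[^/]*", path).group()  # next segment with its leading "/"
            out.append(seg)
            path = path[len(seg):]
    return "".join(out)

def resolve(base, ref):  # RFC 3986 section 5.2.2 (strict); base must be absolute
    bs, ba, bp, bq, _ = URI_RE.match(base).groups()
    rs, ra, rp, rq, rf = URI_RE.match(ref).groups()
    if rs is not None:
        ts, ta, tp, tq = rs, ra, remove_dot_segments(rp), rq
    elif ra is not None:
        ts, ta, tp, tq = bs, ra, remove_dot_segments(rp), rq
    elif rp == "":
        ts, ta, tp, tq = bs, ba, bp, (rq if rq is not None else bq)
    else:
        if rp.startswith("/"):
            merged = rp
        elif ba is not None and bp == "":
            merged = "/" + rp
        else:
            merged = bp[:bp.rfind("/") + 1] + rp  # the alg;digest segment is cut here
        ts, ta, tp, tq = bs, ba, remove_dot_segments(merged), rq
    parts = [ts + ":", "" if ta is None else "//" + ta, tp,
             "" if tq is None else "?" + tq, "" if rf is None else "#" + rf]
    return "".join(parts)

# Constructed ni name; BASEDIGEST is a placeholder for a real base64url digest.
BASE = "ni://example.com/sha-256;BASEDIGEST"

if __name__ == "__main__":
    for ref in ("style.css", "/img/logo.png", "../x", "#top", "sha-256;OTHERDIGEST"):
        print(f"{ref!r:24} -> {resolve(BASE, ref)}")
```

Ordinary relative links such as `style.css` resolve to a ni URI whose path no longer carries an algorithm and digest, so there is no hash left to check the retrieved bytes against; only the fragment-only reference keeps the base name intact.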

