On 2011/09/30 23:40, stephen.farr...@cs.tcd.ie answered Phillip
Hallam-Baker:

Only real issue for me is that it has to fit in URI type slots. The
scheme I was thinking of would be a pure URN scheme, your proposal
includes URL-like things.

If you use what RFC 2396 calls the 'opaque' syntax (e.g. no slashes at
all; in RFC 3986, I think slashes would even be allowed if they don't
appear directly after the first ':'), then you can define a URI scheme
without including host-like stuff and you don't have to use "urn:" as a
prefix.

Yep. We have use-cases for that. Note though that the authority
part is optional, so a fairly bare digest is quite possible and
would look like ni:///sha256:NDVmZTMzOGVkY2Jj...

The triple slash at the beginning is a bad idea. There should only be
slashes if the scheme conforms to the generic syntax (i.e. a double
slash, something like a host name, and then slashes for something
pathlike). Just ni:sha256:NDVmZTMzOGVkY2Jj... is way better.

Clearly, your scheme is a better way to reference external content in
a resolvable format. I have to go look at the URN and URI specs again
in detail.

I also thought about URNs but was told (by PSA I think) that those
are intended for managed name spaces and not things like this.

This recently came up on the urn mailing list. Please e.g. see
http://www.ietf.org/mail-archive/web/urn/current/msg01616.html.

I note that you have a content type, which I have but someone here was
objecting to. I consider the content type to be essential meta-data
for obvious security reasons.

I don't think Paul Hoffman, who brought this up, was objecting. He just
wanted to know what it's good for. Some security reasons may be obvious
for you, but not for everybody :-).

Our use-case for that is for cases where the named object actually
arrives in some wrapped form (e.g. encrypted) and you need to know
the "inner" content type. However, I could see it being used otherwise
or being dropped as things progress.

Just curious: Why would you need to know the inner content type?
Wouldn't the wrapper contain that information?

Regards, Martin.
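
As an added illustration that is not part of the original thread: the sketch below splits both spellings discussed above (the triple-slash form and the opaque form) with the generic regular expression from RFC 3986 Appendix B, then checks content against the digest in the name. It assumes the value is unpadded base64url of the raw SHA-256 digest; `SAMPLE`, `make_value`, `split_ni`, `matches` and the host `example.com` are constructed for the example.

```python
import base64
import hashlib
import hmac
import re

# Generic URI splitter from RFC 3986, Appendix B.
URI_RE = re.compile(r"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?")

SAMPLE = b"hello websec"  # constructed sample content


def make_value(content):
    """Assumed encoding: unpadded base64url of the raw SHA-256 digest."""
    digest = hashlib.sha256(content).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def split_ni(uri):
    """Return (authority, algorithm, value).

    authority is None when there is no '//' at all (opaque form) and ''
    when '//' is present but empty (triple-slash form).
    """
    m = URI_RE.match(uri)
    if (m.group(2) or "").lower() != "ni":
        raise ValueError("not an ni: URI")
    authority = m.group(4) if m.group(3) is not None else None
    path = m.group(5)
    if authority is not None:
        path = path[1:]  # drop the '/' that separates authority and path
    alg, sep, value = path.partition(":")
    if not (sep and alg and value):
        raise ValueError("expected <alg>:<value>")
    return authority, alg, value


def matches(uri, content):
    """True only if content hashes to the digest carried in the name."""
    _, alg, value = split_ni(uri)
    if alg != "sha256":
        raise ValueError("unsupported digest algorithm: " + alg)
    named = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    actual = hashlib.sha256(content).digest()
    return hmac.compare_digest(named, actual)  # constant-time comparison


if __name__ == "__main__":
    v = make_value(SAMPLE)
    for uri in ("ni:///sha256:" + v, "ni:sha256:" + v, "ni://example.com/sha256:" + v):
        print(split_ni(uri)[0], matches(uri, SAMPLE), matches(uri, b"tampered"))
```

A generic parser reports an empty authority for the triple-slash form and no authority for the opaque form, while the digest check gives the same answer for both.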