Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
Hi Sam,
On 06/09/2012 01:43 AM, Sam Hartman wrote:
Add me as a +1 for the idea that content-type is important for this.
I tend to agree with the arguments given so far. Namely, for some
important use cases you're going to want to know the content type and
guessing is really a bad idea.
Thusly counted:-)
That said, there are security considerations associated with specifying
a content type too. I'm particularly imagining a situation where some
sort of deep inspection security appliance uses a different procedure
for deciding what kind of foo it is than the ultimate application. One
guesses based on byte stream another looks at a content type. This is
well known; it's not new; it's probably even so documented that any
reasonably current set of MIME security considerations already includes
a reference.
My only real concern with adding this is the issue of complexity
related to c14n of input to the hash function. While CMS does (I
think) define that well, imposing that burden on anyone that might
want to write code that validates name-data integrity is an issue.
Anyway, if we want to add it we'll look that over and figure how
it might best be done.
I agree that your draft does not use the authority portion of a URI
consistent with section 3.2 of RFC 3986.
I honestly don't get that. I think we are "consistent" with 3986
(there being no MUST/SHOULD with which we're in conflict afaik)
but the authority field here is not identical to that for HTTP
URLs. And that's ok.
The authority separates the
namespace exactly the way it doesn't in your scheme.
Yes there are differences and maybe we ought try describe that
somehow.
It's a naming
hierarchy. My main concern is whether the relative reference algorithm
described in section 5/4.2 of RFC 3986. In particular take a look at the
last part of section 1.2 of RFC 3986 regarding the disallowing of
/. Consider how you want relative references in an HTML document
resolved through a ni: URI to work. I don't think your use of authority
provides good results. However I'm not sure that better results would be
achieved without hierarchy. I hope though that these comments will help
inject some ways of reasoning about authority that are less mystical and
that lead to more practical discussion.
Thanks.
I think your comment about relative URIs is fair and we maybe ought
say there are no such things for ni URIs. (Or however that kind of
thing is stated best).
I guess a sentence or two about relative URIs would be worthwhile
and I'll ponder that.
S.