RE: URI scheme uniqueness from Julian Reschke on 2003-08-05 (w3c-dist-auth@w3.org from July to September 2003)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 5 Aug 2003 09:19:47 +0200
To: "Lisa Dusseault" <lisa@xythos.com>, "'Julian Reschke'" <julian.reschke@gmx.de>, <w3c-dist-auth@w3.org>
Message-ID: <JIEGINCHMLABHJBIGKBCEECPIBAA.julian.reschke@gmx.de>

> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Lisa Dusseault
> Sent: Tuesday, August 05, 2003 1:08 AM
> To: 'Julian Reschke'; w3c-dist-auth@w3.org
> Subject: RE: URI scheme uniqueness
>
>
>
>
> According to your logic, if I register the scheme "foo:", and I don't
> register the scheme "bar:", and if both schemes are defined to use a
> registered domain name and a unique network card ID plus a unique sequence
> number, then
>  -->  foo:www.greenbytes.com:1234-5678-9012:3365008 is guaranteed to be
> unique
>  -->  bar:www.greenbytes.com:1234-5678-9012:3365008 is NOT
> guaranteed to be
> unique

Yes.

> You think that because "foo:" is registered everybody will use it
properly,
> whereas because "bar:" is unregistered somebody else is likely to use it
> improperly?  In the real world, registering a schema makes it *more*
likely

Nope. Please define what you call "improper" use of a URI schema that is not
registered. The scheme name "bar" doesn't "belong* to anybody. Thus all uses
of it in public protocols is "improper".

Because it is not registered, you simply don't have any control over it. The
next day, an IETF RFC may define the "bar:" scheme for something else and
define a grammar for legal "bar:" URIs that's incompatible to your ad-hoc
usage. Clients would have every right to reject the URI because they may
have a URI parser that knows about the new scheme and rejects it.

> that other people will use it.  Increasing the usage of the scheme will
also
> increase the likelihood that even if that scheme is designed to allow
> uniqueness it will be misused and create a non-unique URI.  So in some
sense
> encouraging registration does more to make things less-than-100% robust.
> Bugs and poor implementation choices are the likely causes of
non-uniqueness
> here, not the registration of the scheme.

Both.

Anyway, you seem to suggest a mechanism that I'll call
"uniqueness-by-obscurity".

> I did not say it would be preferable for a server implementor to use an
> unregistered scheme.  I am merely arguing that some of the arguments used
in
> this discussion are bogus arguments.  Generally I don't like things to be

Such as...?

> changed for poor reasons.  Even if I'm not opposed to the change  we ought
to
> understand the reasons.

Again: I understand this as clarification. You simply can't have guaranteed
uniqueness in a URI unless the URI scheme is registered. This is *by
definition* how URIs work.

Julian

--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

Received on Tuesday, 5 August 2003 03:20:04 UTC