Re: Hashed URIs from Clive D.W. Feather on 2002-11-26 (ietf-discuss@w3.org from November 2002)

From: Clive D.W. Feather <clive@demon.net>
Date: Tue, 26 Nov 2002 18:43:02 +0000
To: Paul Hoffman / IMC <phoffman@imc.org>
Cc: discuss@apps.ietf.org, uri@w3.org
Message-ID: <20021126184302.GH36230@demon.net>

Paul Hoffman / IMC said:
>>    draft-feather-hashed-uri-03.txt

> 1) There is absolutely no need to have two different hash algorithms. 
> For this purpose, both are equivalent. Pick one.

I understood that having the ability to "drop-in" an algorithm was a good
idea. That way, if there turns out to be a problem with SHA-1 then people
can switch to alternatives without needing to redesign the entire scheme.

I've made use of SHA-1 a SHOULD in the next draft.

> 2) Appendix A will lead to lack of interoperability. You haven't 
> shown why canonicalizing (that is, changing) the pre-hashed URI has 
> any advantage.

The real-world problem here is that many URIs actual lead to the same
resource. For example, domain names in URLs are usually case-insensitive.
Therefore the need to canonicalise the URL.

However, it isn't a well-defined situation. Hence two variations - one that
tends towards false positives and one that tends towards false negatives.
Which is suitable depends on the context in which you're using this.

> 3) Which leads to the biggest question: where are the real-world uses 
> for this? Which actual content providers have said "I don't want to 
> reveal the real URL for the thing you are comparing"? If those folks 
> exist, they could easily answer the first two objections. Quite 
> frankly, this seems like a cute and well thought-out idea searching 
> for a problem.

This work was originally done for ICRA <http://www.icra.org>. The ICRAsafe
filtering software available from them - among other things - blocks access
to URLs that are on "black lists". Organisations want to be able to publish
such lists without letting people use them to find "unsuitable" (in the
opinion of the person producing the list) material.

As such, it has been implemented.

> 4) Editorial: this document doesn't follow 
> <ftp://ftp.rfc-editor.org/in-notes/rfc-editor/instructions2authors.txt> 
> and therefore will probably be (at least initially) rejected by the 
> RFC Editor.

Being fixed. [Incidentally, page 14 of that document contains an error:
ASCII is ISO 646, not ISO 464.]

-- 
Clive D.W. Feather  | Work:  <clive@demon.net>   | Tel:  +44 20 8371 1138
Internet Expert     | Home:  <clive@davros.org>  | Fax:  +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            |

Received on Tuesday, 26 November 2002 13:47:13 UTC