On 12/20/18 6:17 PM, Eric Rescorla wrote:
>
>
> On Thu, Dec 20, 2018 at 3:59 PM Mark Nottingham <mnot@mnot.net
> <mailto:mnot@mnot.net>> wrote:
>
>
>
> > On 21 Dec 2018, at 10:45 am, Eric Rescorla <ekr@rtfm.com
> <mailto:ekr@rtfm.com>> wrote:
> >
> > I'm not convinced a strict / algorithmic means of identifying
> them will add value; consider the name spaces of things like HTTP
> headers, and how little the registry is actually used, and how few
> collisions problems we actually encounter. Also, I wanted this
> field to be someone flexible so that a CDN could choose to use
> multiple tokens if it wanted to; e.g., some use a hierarchy,
> others use multiple "networks" with different configurations.
> >
> > If this text is causing so much heartburn, I suggest we just
> remove the sentence (and probably remove "as a whole.").
> >
> >
> > I'm not going to be any happier about that. I don't think you
> need to provide a construction, but if the requirement is that
> they be unique in some fashion, then you need to state what that
> fashion is.
>
> I was saying that we should remove the requirement. This is
> similar to Via's ability to use a pseudonym; there is no
> uniqueness requirement there (we trust that the motivation of the
> party generating it to make it useful is sufficient).
>
>
> I'm not persuaded this true. Collisions here seem to create an obvious
> interop problem, and so the specification should tell you how to avoid
> them.
I agree with EKR here. The more I think about the situation -- and
Mark's responses in particular ("There are relatively few CDNs, and
they're pretty aware of each other") -- the more I'm convinced that,
while the proposed solution *probably* works in 2018, it may well fail
in 2028, depending on how the CDN market evolves. If history is any
guide, engineers are pretty terrible futurists. The best we can do is
plan for scaling beyond that which we can presently imagine (cf. IPv4).
I think some means of collision avoidance here is required prior to
document publication.
/a