- From: Kim Hamilton <kimdhamilton@gmail.com>
- Date: Wed, 22 Apr 2020 16:52:06 -0700
- To: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAFmmOzeKyMYOAym=OfDZ==eK15RcgNaUwuHTH7pMiOMNJyUCUQ@mail.gmail.com>
no disagreement there; my response to Alex demonstrates what I'm really interested in. On Wed, Apr 22, 2020 at 4:41 PM David Chadwick <D.W.Chadwick@kent.ac.uk> wrote: > > On 23/04/2020 11:24, Kim Hamilton wrote: > > yes, that totally makes sense, but, isn't the expectation of this > > caller behavior quite unique as far as URLs go? > > > > It's easier for me thinking about hashlinks as an abstraction for > > immutable, content-addressable storage, where the response with simply > > be: you get the data or you don't. > > But that is not the model that the majority of web servers use, and if > even if they did, the untrustworthy ones would not. > > So you cannot place any expectations on an untrustworthy web server. > > > > > This opens up many implementation questions. > > > > On Wed, Apr 22, 2020 at 4:14 PM David Chadwick > > <D.W.Chadwick@kent.ac.uk <mailto:D.W.Chadwick@kent.ac.uk>> wrote: > > > > > > On 23/04/2020 10:57, Kim Hamilton wrote: > > > This has caused a series of questions, but then I realized the > > > behavior around hashlink requests/responses may be out of scope > > of the > > > spec (I don't see this on a scan). > > > > > > Nevertheless, here are some naive questions I'm curious for your > > > reaction to. > > > - What is the expected behavior from the server if the hashlink > > > doesn't match? Is it valid for a server to have indexed past > > versions > > > by their content integrity hash, and serve that up? Or is a > > mismatch a > > > failure > > > - Could we envision a hashlink as something that's up to the > > caller to > > > parse and handle? I.e. caller extracts url (doesn't send hl) and > > then > > > confirms content received matches? > > The caller must be the entity that performs the hash and confirms the > > content. Otherwise an untrustworthy server can serve any old > > content and > > says that it matches the hash. Not good! > > > > > > > > > > > > > > > On Wed, Apr 22, 2020 at 7:42 AM Manu Sporny > > <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com> > > > <mailto:msporny@digitalbazaar.com > > <mailto:msporny@digitalbazaar.com>>> wrote: > > > > > > On 4/22/20 1:19 AM, alex thompson wrote: > > > > Regarding parameterized URLs > > > > > > https://tools.ietf.org/html/draft-sporny-hashlink-04#section-3.2 > > > > > > > > Can we generalize that for URL segments instead of just > > query string > > > > similar to https://tools.ietf.org/html/rfc6920#section-5 > > > > > > > > Examples: > ./hl;zQmWvQxTqbG2Z9HPJgG57jjwR154cKhbtJenbyYTWkjgF3e > > > > ./hw.txt#hl;zQmWvQxTqbG2Z9HPJgG57jjwR154cKhbtJenbyYTWkjgF3e > > > > > > > > I think there are clear use cases for having it in the path > > > (avoiding > > > > conflicts with windows filesystems not allowing "?") and > > fragment > > > > (doing client side only validation) > > > > > > Hmm... that's an interesting thought. The Parameterized URL > > stuff was > > > meant to be a hack to enable the use of hashlinks in legacy URL > > > formats. > > > > > > Allowing them to be embedded in paths and fragments seems like > > > even more > > > of a hack, so the question really is... are we ok with > > hashlinks being > > > hacked into all these awkward places? > > > > > > I don't have a strong opinion one way or the other, so am > > happy to add > > > an experimental section stating something to the effect of > "Hey, > > > if you > > > want to embed a hashlink in a path or a fragment identifier, > > > here's one > > > way you can do it, and this is experimental and we're > > looking for > > > feedback on whether or not this is useful to you. Is this > > the only way > > > you can achieve your use case?". > > > > > > ... and then we wait for feedback. If we get no feedback or > > negative > > > feedback, we take it out of the spec. If we get positive > > feedback, we > > > keep it in. > > > > > > Would that work for you, Alex? > > > > > > -- manu > > > > > > -- > > > Manu Sporny - https://www.linkedin.com/in/manusporny/ > > > Founder/CEO - Digital Bazaar, Inc. > > > blog: Veres One Decentralized Identifier Blockchain Launches > > > https://tinyurl.com/veres-one-launches > > > > > >
Received on Wednesday, 22 April 2020 23:52:30 UTC