- From: a <a@trwnh.com>
- Date: Wed, 12 Apr 2023 08:48:17 -0500
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Kevin Marks <kevinmarks@gmail.com>, public-swicg@w3.org
- Message-ID: <CACG-3GhPfTF=heAZJPBqyD24S8dA=uc-vBteq3_qU17X-utvtA@mail.gmail.com>
>> Attacking DNS is a perpetual red herring here, and ends up with Zooko's triangle failure modes a bit like that URL. You have either alternative resolver roots that are more proprietary than DNS, content addresses that are fugly, or more fragile key management models with worse failure modes. DNS is a success.

> It is possible to make content addressable identifiers on the web more user-friendly by embedding them in hyperlinks, which can be more easily understood and navigated by end users.

It's also possible to use DNS as a petname system for the "real" identifier. Who cares if the "real" identifier is "fugly"? It's not for you, it's for the machines.

One historical thing I wish we drew more inspiration from is the XRI concept of "i-numbers" vs "i-names", as well as subjects and aliases at the DNS resolver level. In practice today we have Webfinger which can theoretically fulfill the same role -- ask it to resolve a DNS-based resource URI and get the not-necessarily-DNS-based subject URI from the resource descriptor.

For example: if you resolve an https: URI that is an alias for some other identifier with a non-DNS root-of-authority (URN, DID, etc.), then the https: URI never has to be used directly by anyone except the user and the user-agent.

Put another way: DNS is a "success", but there is still a "failure" in that it is reassignable and open to insolvency. I would not use DNS/http:/https: as the canonical or authoritative identifier for anything I wanted to outlive a yearly DNS lease. Sure, you can refer to me as "trwnh.com"... but only for now. We need another layer of indirection to allow that domain name to change.

Received on Wednesday, 12 April 2023 13:48:36 UTC
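
Added example, not part of the original message: a sketch of the alias-to-subject indirection described above, run over two constructed WebFinger descriptors (RFC 7033 JRD shape) such as a user's old and new domains might serve. The domains, the `did:example:` subject, the function names and the scheme list are all assumptions made for illustration.

```python
import json

# Schemes whose root of authority is a DNS name, so the identifier can lapse
# or be reassigned along with the domain (list chosen for this example).
DNS_ROOTED = {"http", "https", "acct", "mailto"}

# Constructed descriptors in RFC 7033 JRD shape, as the user's old and new
# domains might serve them. Every value here is made up.
JRD_OLD = json.loads('{"subject": "did:example:123456789abcdefghi",'
                     ' "aliases": ["https://old.example/"]}')
JRD_NEW = json.loads('{"subject": "did:example:123456789abcdefghi",'
                     ' "aliases": ["https://new.example/"]}')


def is_dns_rooted(uri):
    """True if the URI's scheme ties it to a DNS name."""
    return uri.partition(":")[0].lower() in DNS_ROOTED


def canonical_subject(resource, jrd):
    """Return the identifier to store for `resource`, given its descriptor."""
    subject = jrd.get("subject")
    if not isinstance(subject, str) or not subject:
        raise ValueError("descriptor has no subject")
    # Policy assumed by this example: ignore a descriptor that does not
    # mention the resource that was actually queried.
    if resource != subject and resource not in jrd.get("aliases", []):
        raise ValueError("descriptor does not describe the queried resource")
    return subject


def same_entity(res_a, jrd_a, res_b, jrd_b):
    """Two petnames name the same entity if their subjects match and the
    subject does not itself depend on a DNS lease."""
    a = canonical_subject(res_a, jrd_a)
    b = canonical_subject(res_b, jrd_b)
    return a == b and not is_dns_rooted(a)


if __name__ == "__main__":
    print(canonical_subject("https://old.example/", JRD_OLD))
    print(same_entity("https://old.example/", JRD_OLD,
                      "https://new.example/", JRD_NEW))
```

A descriptor is only a claim by whoever controls the domain that served it; proof that the domain may speak for the subject has to come from resolving the non-DNS identifier itself.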