- From: Trevor Perrin <trevp@trevp.net>
- Date: Tue, 29 Apr 2003 23:39:58 -0700
- To: Simon Josefsson <jas@extundo.com>
- Cc: "Roy T. Fielding" <fielding@apache.org>, uri@w3.org
At 03:25 AM 4/30/2003 +0200, Simon Josefsson wrote: > >> > >>The characteristic I liked about my idea was that the original URL was > >>not modified, only embedded. This simplifies implementation slightly. > > > > true. Would you want to rename "meta" to "secure" or "crypto"? Then > > it becomes a little more readable.. > > > > secure:http://www.blabla... > > secure:mailto:alice@acme.com... > >I agree meta: isn't very informative, so a better name would be good. >On the other hand, secure/crypto might be too narrow. I'm thinking >about other possible "metadata" you might want to attach to an URL. >E.g.: I can't think of great uses for metadata like this beside crypto data, so I wouldn't mind having a "secure" scheme just targeted to document hashes, key/cert fingerprints, and key/cert-retrieval URLs, unless there's a compelling reason to broaden it. >meta:preferred_language=fr:http://www.debian.org/ > >Although this example is probably not a good one, as it is http >specific. > > >> > I'm denoting a secure scheme by appending "-" to the base scheme, > >> > you're denoting a secure scheme (or metadata-enhanced scheme) by > >> > "meta", with the base scheme in the scheme-specific part. I'm not > >> > sure which way is better. > >> > >>According to RFC 2396, the '-' character is a valid trailing scheme > >>character. Since I assume you are not proposing to register 'http-', > >>'ftp-', etc individually, but rather extend the base specification so > >>this idea automatically applies to all URI schemes, using a currently > >>invalid scheme character might be better. Then old software will not > >>be confused if someone is currently using a private scheme named > >>'myownhack-://...'. So instead it could be 'http*://...'. Although I > >>still prefer my idea. It doesn't require any modification to the base > >>specification, just a new meta: URL registration. > > > > Interesting.. I wanted to use asterisks, but I thought software > > unfamiliar with secure URIs might puke on seeing a document with an > > invalid scheme character. So I chose "-" as a trailer since there's > > currently no schemes using it, and I figured we could just cross our > > fingers about private schemes. > >It may be safer if old software puked on it, rather than possibly >parse it as an existing private-use URI. But this is really mostly a >theoretical problem. > >I do prefer registering one new URL scheme, instead of either >modifying the base specification or register many URL scheme, though. yeah.. I prefer that too, after further thought. I'm in favor of a "secure" scheme with the URI first, since then it kinda reads as if "secure http" or whatever is the scheme name, which just looks nice: secure:http://www.whatever.com:sha256=... secure:mailto:alice@whatever.com:x509_sha1=... etc.. Trevor
Received on Wednesday, 30 April 2003 02:40:07 UTC