- From: <noah_mendelsohn@us.ibm.com>
- Date: Fri, 27 Mar 2009 19:25:12 -0400
- To: Dan Connolly <connolly@w3.org>
- Cc: Cullen Jennings <fluffy@cisco.com>, Thomas Roessler <tlr@w3.org>, www-tag@w3.org
Dan Connolly asks:
> I'm interested to know whether Noah and other TAG members have other
opinions.
Short answer: I don't have one that's sufficiently well informed to be
useful as a net answer, but...
Cullen Jennings wrote:
> Two questions, first when you talk about the overhead of introducing a
> new URI scheme, are you talking about the difficulty of getting this
> introduced and used on general web browsers for general web use? I
> agree that would be hard.
I think it goes beyond the overhead of >introducing< it. Let's assume
that this new scheme has become widely deployed, in that servers and
clients everywhere know about it. There's still a cost to wiring
restrictions on how something is accessed into its identifier, I think.
Let's say that you had a document on a server that needed SRV records, so
you create a uri http+srv://example.org/mydoc. Perhaps it's on one of
those home servers you're trying to support. Years go by, your site gets
famous, and you want to rehost it at an ISP. Well, they better let you
create an SRV record for your server, whether it's otherwise needed or
not, because the names (identifiers) of your resource mandate that SRV be
used. Maybe that's a problem or maybe it's just a nuissance.
I think you lose some of the other promise of SRV records by relying on
the URI scheme: let's say you have three servers you want to consolidate,
and you don't want to use Apache tricks to share hosting, so you're
tempted to use SRV records and run servers on multiple ports.
Unfortunately, all your documents are named with http-scheme URIs, so
there's no hint to the client to use SRV. I'm less sure this use case is
a good one, but I think it's worth consideration.
I think the closest point of comparison is http vs https, which we did
debate in an earlier incarnation of the TAG when I wrote some of the
drafts of [1]. I should say that those drafts were put aside because
there was no consensus on what they tried to say, but at least some
members expressed the opinion that https in particular was justified
because URIs are about the contract between an identifer and its referent.
When you attempt to access a resource using an https URI it's implicit
that certain mechanisms such as digital certificates will be used to
increase the assurance that the correct resource has indeed been
contacted. With http, you're more vulnerable to things like DNS spoofing.
So, in that sense, https is truly a different namespace from http. Note
that https has the same drawbacks listed above for http+srv. If you
change hosts from one https server to another for the same resource, then
the 2nd one must authenticate as well. That seems appropriate to me
While I see no outright violations of Web architecture in using http+srv,
it doesn't seem to me to have good cost/benefit, and I'm not sure it
conveniently meets the use cases you'd want it too.
As I said at the start, don't take the above as a well reasoned net
answer, but rather as some fragmentary thoughts for discussion.
Noah
[1] http://www.w3.org/2001/tag/doc/SchemeProtocols.html
--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
Dan Connolly <connolly@w3.org>
Sent by: www-tag-request@w3.org
02/23/2009 01:32 PM
To: www-tag@w3.org
cc: Thomas Roessler <tlr@w3.org>, Cullen Jennings
<fluffy@cisco.com>, (bcc: Noah Mendelsohn/Cambridge/IBM)
Subject: http+srv worth its own URI scheme? (ISSUE-49
schemeProtocols-49)
srv records for web servers seems like a fine idea,
long overdue; but I'm skeptical that it's worth a new URI scheme.
I'm interested to know whether Noah and other TAG members
have other opinions.
cf. ISSUE-49 schemeProtocols-49
http://www.w3.org/2001/tag/group/track/issues/49
Begin forwarded message:
> From: Mark Nottingham <mnot@mnot.net>
> Date: 23 February 2009 07:22:43 CEST
> To: HTTP Working Group <ietf-http-wg@w3.org>
> Subject: Fwd: I-D Action:draft-jennings-http-srv-01.txt
> Archived-At:
<http://www.w3.org/mid/327B22FA-F09A-4817-8C2B-E728D5E08274@mnot.net
> >
>
> FYI.
>
> Begin forwarded message:
>
>> From: Internet-Drafts@ietf.org
>> Date: 23 February 2009 3:45:01 PM
>> To: i-d-announce@ietf.org
>> Subject: I-D Action:draft-jennings-http-srv-01.txt
>> Reply-To: internet-drafts@ietf.org
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>
>> Title : DNS SRV Records for HTTP
>> Author(s) : C. Jennings
>> Filename : draft-jennings-http-srv-01.txt
>> Pages : 7
>> Date : 2009-02-22
>>
>> This document specifies a new URI scheme called http+srv which uses a
>> DNS SRV lookup to locate a HTTP server. The http+srv scheme operates
>> in the same way as an http scheme but instead of the normal DNS A
>> record lookup that a http scheme would use, it uses an DNS SRV
>> lookup. This memo also defines a https+srv scheme that operates in
>> the same was a an https URI but uses DNS SRV lookups.
>>
>> The draft is being discussed on the apps-discuss@ietf.org list.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-jennings-http-srv-01.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
> Content-Type: text/plain<BR>Content-ID:
<2009-02-22203840.I-D@ietf.org
> ><BR><BR>
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Friday, 27 March 2009 23:24:38 UTC