[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] PLEASE REVIEW: Revised Redirect & Ref Processing Proposal
Markus, As I understand it the synonym verification is a way to check the relationship between the XRDS pointed to by the URL and the CID of the XRDS pointing to it. I don't know what a spoofer would gain by pointing to a valid XRDS at the URL as they could always construct a new one at another URL with the appropriate synonym. I don't see it adding much but someone thought it was important perhaps in some other context. So I don't see any harm in the resolver checking other than processing. Likely it will mostly be useful to detect mal configuration, not a bad thing. As Drummond pointed out the simplest case is only having it at the XRD level and replacing the whole XRD with the one from the URL, Exactly like a HTTP redirect. We loose the ability to have the URL selected based on the service. On the other hand thinking about it that may not be the goal of the spec. The use case is to allow people to place there XRDS on a simple web server. The simple case achieves this. Perhaps if someone wants to compose an XRDS from multiple sources we push the responsibility on them. We are keeping up our end. They can have the XRDS static or constricted any way they like on the server. The web server is not in our scope. So I will support the path to the quickest resolution of this point. I need to learn that just because a XRI resolver could do something that doesn't mean that it should do something. 73 =ve7jtb On 2-Oct-07, at 2:11 AM, Markus Sabadello wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]