p2p-hackers: Everything as a file in p2p

From: p2p-hackers@zgp.org (Aaron Swartz)
Replying To: Gordon Mohr <p2p-hackers@zgp.org>
Date: Tue Jul 16 11:53:02 2002
Subject: [p2p-hackers] Everything as a file in p2p
On Tuesday, July 16, 2002, at 01:07  PM, Gordon Mohr wrote:
> Also, there's no need to include the actual signature of the name 
> inside the URI. [...]

Oh,  I guess I misunderstood you -- I actually had the same idea and 
started on a draft for this several days ago:

http://www.aaronsw.com/2002/draft-swartz-pgp-urn-00.html  (.txt, .xml, 
etc.)

> Are you suggesting that instead of a parameterized "kau" type, there be 
> different URI types for each signing algorithm? That just pops the 
> registration issue up a level, pollutes the URI-scheme namespace,

How is it pollution? 

> A software module need not understand the algorithms  to be useful; a 
> DHT-based library might have a rule for finding the nodes responsible 
> for certain "kau:" entities without knowing the algorithms in use.

I would hope such a library would be able to handle any URI, not just 
kau ones.  If it doesn't understand the signature algorithm, why does it 
care if it's associated with a key or not?

> You don't even really need a formal IANA-type registration  procedure 
> when your universe of possibilities is small, and all people who might 
> be choosing conflicting tokens can easily find each other.

This may be true, but sort of defeats the purpose of the URN 
standardization process.  The idea is to have a central registry where 
people can get the correct answer and know that it's correct. Not just 
guess based on common techniques. Furthermore, they should be able to 
find the definitive specifications for all these hashes and formats by 
following links to specs. If you want something less formal, why not 
carve out a bit of HTTP space?

> [Tangent: Just like search engines such as Google have made the DNS 
> registration system less important, do tools like Google and the 
> Internet Archive make specialized collision avoidance registries, like 
> IANA, less important? Now you can claim a name-token by widespread use, 
> and others who come later can easily find out if prior uses exist, and 
> in what contexts, and possibly even as-of-what-date. Of course, some 
> people won't check Google, or be tactful about avoiding confusion, but 
> those are the same people who won't check IANA and prior activity 
> anyway.]

Google is simply another form of centralized storage and query, although 
the input method is different and less structured.  Even if we switch to 
a totally decentralized system like a DHT, the fundamental need of 
having a clear way to state "X is controlled by Y and specified in Z" 
won't go away. I'm not the most fond of IANA or their "parent" ICANN, 
but they do provide a useful service. Using Google to see if anyone has 
registered a URI scheme called "the" is rather difficult without 
consulting a specific registry.

BTW, was urn:sha1 ever registered?  I don't see it at: 
http://uri.net/urn-nid-status.html
--
Aaron Swartz [http://www.aaronsw.com] 
4FAC4838B7D8D13FA6D92EDB4145521E79F0DF4B
I will be in San Diego for the O'Reilly Open Source Convention the 24-26 
July.