They are not explicitly forbidden but I think it’s a bad idea. If the file is
somehow separated from the signature, a relative URI would require an
assumption that it is relative to the MUD URL. The reason for detached
signatures was based on available software and ease of debugging.
Canonicalization made the file unreadable to the human eye.
Eliot
> On Aug 26, 2018, at 02:43, Michael Richardson <mcr+i...@sandelman.ca> wrote:
>
>
> leaf mud-signature {
> type inet:uri;
> description
> "A URI that resolves to a signature as
> described in this specification.";
> }
>
> Are relative URIs permitted here?
> They are not explicitely forbidden, but it might not be obvious to all
> implementers that they are permitted, and that they should be relative to the
> URL at which the MUD file was retrieved.
>
> I can't see any reason not to permit them, and I think that they are
> relatively useful, as it permits the signature to be found adjacent to the
> signature.
>
> (Or should a relative URI be relative to the mud-url that is contained within
> the file? As the mud file has not yet been validated until the signature has
> been retrieved, there are possibly some security issues that go along with
> the selection of what the base URL to do relative URLs. I almost think that
> the URL should always be relative)
>
> --
> Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
