Re: [Uri-review] Review request for gittorrent: URI scheme
Chris Rebert <iana.url.schemes.gittorrent@chrisrebert.com> Wed, 06 April 2016 04:46 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/uri-review/8tR59SCxNKjYs7jAMNN490g4ei4>
On Sun, Apr 3, 2016, at 08:10 PM, Chris Rebert wrote:
> Hello,
>
> Per the advice of RFC 7595, I hereby present the following proposed
> registration of the "gittorrent" provisional URI scheme for review.
> Any feedback is greatly appreciated. Thanks.

Here's a revised draft based on the feedback thus far.

Cheers,
Chris
****
http://chrisrebert.com
Browser 🐛 of the day: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7124038/

********

Scheme name: gittorrent

Status: Provisional

Applications/protocols that use this scheme name:
  GitTorrent ("A decentralization of GitHub using BitTorrent and Bitcoin")

Contact:
  Scheme creator: Chris Ball <http://printf.net/>
  Registering party: Chris Rebert <iana.url.schemes.gittorrent@chrisrebert.com>

Change controller: Either the scheme creator or the registering party.

References:
  Ball, C., "Announcing GitTorrent: A Decentralized GitHub", 29 May 2015, <http://blog.printf.net/articles/2015/05/29/announcing-gittorrent-a-decentralized-github/>.

  Ball, C., "GitTorrent", 2016, <http://gittorrent.org/>.

  Ball, C., "GitTorrent", 2016, <https://github.com/cjb/GitTorrent>.

  Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., and B. Yang, "Ed25519: high-speed high-security signatures", 27 September 2011, <https://ed25519.cr.yp.to/>.

  Bitcoin Project, "Bitcoin - Open source P2P money", 2016, <https://bitcoin.org/en/>.

  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, March 2014.

  Cohen, B., "BEP 3: The BitTorrent Protocol Specification", 11 October 2013, <http://www.bittorrent.org/beps/bep_0003.html>.

  Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1 (SHA1)", RFC 3174, September 2001.

  "Git", 2016, <https://git-scm.com/>.

Scheme syntax:
  This scheme uses a profile of the RFC 3986 generic URI syntax. At the time of writing this registration, a gittorrent URI comes in one of three forms:

  0. Where the "authority" component is a domain name
     Example: gittorrent://github.com/cjb/recursers
     The "path" and "query" components have no extra restrictions.

  1. Where the "authority" component is a 40-byte hexadecimal number (the conventional representation of a SHA-1 hash digest)
     Example: gittorrent://81e24205d4bac8496d3e13282c90ead5045f09ea/recursers
     In this case, the "query" component is not permitted, and the "path" component consists of exactly one segment (the Git repository name).

  2. Where the "authority" is a username
     Example: gittorrent://cjb/foo
     In this case, the "query" component is not permitted, and the "path" component consists of exactly one segment (the Git repository name).

  There may be further restrictions on the format of usernames and repository names.

  Given the youth of the GitTorrent project, additional gittorrent: URI forms might be defined in the future, and the interpretation of the existing forms could potentially be changed. Implementors SHOULD consult the GitTorrent project for the most up-to-date information on gittorrent: URIs, as there is currently no de jure standard for them. This third-party URI scheme registration is based on the GitTorrent reference implementation's documentation at the time of writing.

Scheme semantics:
  gittorrent URIs represent Git repositories and specify the metadata necessary to clone a repository, to read the repository's commits, and, with the necessary cryptographic key, to write commits to the repository. See the GitTorrent project for full details. The following is a summary of read-only usage when cloning the repository:

  In URIs of type (0), the SHA-1 hash identifier of the latest commit of the primary branch is fetched via the git protocol, as if this had been a git: URI. The actual data for that commit (and its ancestors, if necessary) is then downloaded via BitTorrent.

  In URIs of type (1), the SHA-1 hash in the "authority" component is used as a key for a lookup in a BitTorrent DHT (distributed hash table). The value obtained from the lookup is a JSON object representing a GitTorrent user profile, which includes the names of that user's repositories, the names of those repositories' git refs, and the SHA-1 hash identifiers of the commits that those refs currently point to. The "path" component is the name of the repository, and is used to look up the corresponding SHA-1 hash commit identifier of the primary branch of the repository in the user profile. The actual data for that commit (and its ancestors, if necessary) is then downloaded via BitTorrent.

  In URIs of type (2), the username in the "authority" component is used for an OP_RETURN transaction lookup in Bitcoin's blockchain. If successful, this lookup yields a SHA-1 hash which is then used as a key for a lookup in a BitTorrent DHT (distributed hash table). The value obtained from the lookup is a JSON object representing a GitTorrent user profile (as described in the previous paragraph). The "path" component is the name of the repository, and is used to look up the corresponding SHA-1 hash commit identifier for the primary branch of the repository in the user profile. The actual data for that commit (and its ancestors, if necessary) is then downloaded via BitTorrent.

Encoding considerations: Unknown, use with care.

Interoperability considerations:
  Not fully known, use with care.

  The "fragment" URI component has no known meaning or usage. Unless it becomes meaningful in the future, omitting it is strongly advised.

Security considerations:
  Not fully known, use with care.

  GitTorrent normally uses public BitTorrent swarms, and thus doesn't ensure confidentiality of the Git data it stores. Therefore it's normally unsuitable for Git repositories which contain unencrypted private data. The confidentiality of the data when in transit between peers depends on the particular flavor of the BitTorrent protocol being used by the peers.

  Git and BitTorrent use SHA-1 hashes to ensure the integrity of the data. The general security considerations for SHA-1 thus also apply to GitTorrent.

  GitTorrent uses Ed25519 as its digital signature scheme for ensuring the integrity and ownership of GitTorrent user profiles, and thus inherits the security considerations of Ed25519.

  gittorrent: URIs of type (0) refer to hosts using domain names. The domain name resolution process is subject to its own set of security considerations (see RFC 4033).

  gittorrent: URIs of type (2) use GitTorrent usernames, which use the Bitcoin protocol/network for their registration infrastructure, and are thus subject to Bitcoin's security considerations.

  Users of type (2) URIs should keep in mind that GitTorrent usernames don't necessarily correspond to the usernames of other Git-related systems, other source code management systems, or other software project management systems in general. Users should externally verify the identities associated with GitTorrent usernames before utilizing gittorrent: URIs involving those usernames.

  Beware of homograph attacks when dealing with gittorrent: URIs. Attackers may register GitTorrent usernames which deliberately appear visually similar to other GitTorrent usernames in an attempt to fool unwary users. Attackers may likewise upload Git repositories with names which deliberately appear visually similar to those of other Git repositories.

  It's currently unclear precisely how GitTorrent software differentiates between gittorrent: URIs of type (0) and type (2). For example, without further restrictions on allowed domain names, the URI gittorrent://abc/xyz could potentially either reference the top-level domain "abc" or the GitTorrent username "abc". Similarly, without further restrictions on allowed GitTorrent usernames, the URI gittorrent://abc.xyz/qwe could potentially either reference the domain "abc.xyz" or the GitTorrent username "abc.xyz". The usage of gittorrent: URIs with usernames that contain periods should therefore be avoided for the time being.

  Accessing GitTorrent URIs while on an untrusted network is thus potentially dangerous, since a malicious network operator might be able to influence which interpretation the GitTorrent software chooses by causing the "username" to unexpectedly resolve as a domain name or by causing the domain name to resolve to the IP address of an attacker-controlled server. Git's integrity assurance mechanisms may allow these attacks to be detected in certain cases, provided that the Git repository had been previously cloned via a trustworthy mechanism.
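
Added example (not part of the original message and not GitTorrent project code): a checker that applies the three syntax forms above to a URI and reports every form it could match, so the type (0) versus type (2) ambiguity shows up before the URI is fetched. The function name classify_gittorrent_uri, the rule that a 40-hex-digit authority is always read as form 1, and the non-ASCII/punycode homograph heuristic are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}\Z")

def classify_gittorrent_uri(uri):
    """Return (forms, warnings); forms lists which of the registration's
    forms 0 (domain), 1 (SHA-1 key), 2 (username) the URI could be."""
    parts = urlsplit(uri)
    if parts.scheme != "gittorrent" or not parts.netloc:
        return [], ["not a gittorrent: URI with an authority component"]
    authority = parts.netloc
    segments = [s for s in parts.path.split("/") if s]
    # Forms 1 and 2 forbid a query and need exactly one path segment.
    single_repo = len(segments) == 1 and not parts.query
    warnings = []
    if SHA1_HEX.match(authority):
        # Assumption: a 40-hex-digit authority is always read as form 1.
        forms = [1] if single_repo else []
        if not single_repo:
            warnings.append("form 1 needs exactly one path segment and no query")
    elif single_repo:
        # Nothing in the syntax separates a domain from a username here.
        forms = [0, 2]
        warnings.append("ambiguous: authority may be a domain name or a username")
        if "." in authority:
            warnings.append("period in authority: avoid if this is a username")
    else:
        forms = [0]  # only form 0 allows a query or a multi-segment path
    if parts.fragment:
        warnings.append("fragment has no known meaning: omit it")
    # Assumption: non-ASCII text or a punycode label merits a homograph review.
    if not (authority + parts.path).isascii() or "xn--" in authority.lower():
        warnings.append("non-ASCII or punycode name: check for homographs")
    return forms, warnings

# Constructed inputs: the first three are the registration's own examples.
SAMPLES = [
    "gittorrent://github.com/cjb/recursers",
    "gittorrent://81e24205d4bac8496d3e13282c90ead5045f09ea/recursers",
    "gittorrent://cjb/foo",
    "gittorrent://abc.xyz/qwe",
    "gittorrent://\u0441jb/foo",  # Cyrillic "с" in place of Latin "c"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, *classify_gittorrent_uri(sample), sep="\n    ")
```

Only the registration's type (0) example is unambiguous by syntax alone, because its two-segment path rules out type (2); gittorrent://cjb/foo and gittorrent://abc.xyz/qwe both come back as possibly either form.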