Re: [Uri-review] Review request for gittorrent: URI scheme

Chris Rebert <iana.url.schemes.gittorrent@chrisrebert.com> Wed, 06 April 2016 04:46 UTC

On Sun, Apr 3, 2016, at 08:10 PM, Chris Rebert wrote:
> Hello,
> 
> Per the advice of RFC 7595, I hereby present the following proposed
> registration of the "gittorrent" provisional URI scheme for review.
> Any feedback is greatly appreciated. Thanks.

Here's a revised draft based on the feedback thus far.

Cheers,
Chris
****
http://chrisrebert.com
Browser 🐛 of the day:
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7124038/

********

Scheme name:  gittorrent

Status:  Provisional

Applications/protocols that use this scheme name:
  GitTorrent ("A decentralization of GitHub using BitTorrent and
  Bitcoin")

Contact:
  Scheme creator:
    Chris Ball <http://printf.net/>
  Registering party:
    Chris Rebert <iana.url.schemes.gittorrent@chrisrebert.com>

Change controller:
  Either the scheme creator or the registering party.

References:
  Ball, C., "Announcing GitTorrent: A Decentralized GitHub", 29 May 2015,
      <http://blog.printf.net/articles/2015/05/29/announcing-gittorrent-a-decentralized-github/>.
  Ball, C., "GitTorrent", 2016, <http://gittorrent.org/>.
  Ball, C., "GitTorrent", 2016, <https://github.com/cjb/GitTorrent>.
  Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., and B. Yang,
      "Ed25519: high-speed high-security signatures", 27 September 2011,
      <https://ed25519.cr.yp.to/>.
  Bitcoin Project, "Bitcoin - Open source P2P money", 2016,
      <https://bitcoin.org/en/>.
  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange
      Format", RFC 7159, March 2014.
  Cohen, B., "BEP 3: The BitTorrent Protocol Specification", 11 October 2013,
      <http://www.bittorrent.org/beps/bep_0003.html>.
  Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1 (SHA1)",
      RFC 3174, September 2001.
  "Git", 2016, <https://git-scm.com/>.

Scheme syntax:
  This scheme uses a profile of the RFC 3986 generic URI syntax.

  At the time of writing this registration, a gittorrent URI comes in one of
  three forms:

    0. Where the "authority" component is a domain name
      Example:  gittorrent://github.com/cjb/recursers
      The "path" and "query" components have no extra restrictions.

    1. Where the "authority" component is a 40-byte hexadecimal number (the
       conventional representation of a SHA-1 hash digest)
      Example:  gittorrent://81e24205d4bac8496d3e13282c90ead5045f09ea/recursers
      In this case, the "query" component is not permitted, and
      the "path" component consists of exactly one segment (the Git repository
      name).

    2. Where the "authority" is a username
      Example:  gittorrent://cjb/foo
      In this case, the "query" component is not permitted, and
      the "path" component consists of exactly one segment (the Git repository
      name).

  There may be further restrictions on the format of usernames and repository
  names.

  Given the youth of the GitTorrent project, additional gittorrent: URI forms
  might be defined in the future, and the interpretation of the existing forms
  could potentially be changed.  Implementors SHOULD consult the GitTorrent
  project for the most up-to-date information on gittorrent: URIs, as there is
  currently no de jure standard for them.  This third-party URI scheme
  registration is based on the GitTorrent reference implementation's
  documentation at the time of writing.

Scheme semantics:
  gittorrent URIs represent Git repositories and specify the metadata necessary
  to clone a repository, to read the repository's commits, and, with the
  necessary cryptographic key, to write commits to the repository.

  See the GitTorrent project for full details.
  The following is a summary of read-only usage when cloning the repository:

  In URIs of type (0), the SHA-1 hash identifier of the latest commit of the
  primary branch is fetched via the git protocol, as if this had been a git:
  URI.  The actual data for that commit (and its ancestors, if necessary) is
  then downloaded via BitTorrent.

  In URIs of type (1), the SHA-1 hash in the "authority" component is used as a
  key for a lookup in a BitTorrent DHT (distributed hash table).  The value
  obtained from the lookup is a JSON object representing a GitTorrent user
  profile, which includes the names of that user's repositories, the names of
  those repositories' git refs, and the SHA-1 hash identifiers of the commits
  that those refs currently point to.  The "path" component is the name of the
  repository, and is used to look up the corresponding SHA-1 hash commit
  identifier of the primary branch of the repository in the user profile.  The
  actual data for that commit (and its ancestors, if necessary) is then
  downloaded via BitTorrent.

  In URIs of type (2), the username in the "authority" component is used for an
  OP_RETURN transaction lookup in Bitcoin's blockchain.  If successful, this
  lookup yields a SHA-1 hash which is then used as a key for a lookup in a
  BitTorrent DHT (distributed hash table).  The value obtained from the lookup
  is a JSON object representing a GitTorrent user profile (as described in the
  previous paragraph).  The "path" component is the name of the repository, and
  is used to look up the corresponding SHA-1 hash commit identifier for the
  primary branch of the repository in the user profile.  The actual data for
  that commit (and its ancestors, if necessary) is then downloaded via
  BitTorrent.

Encoding considerations:
  Unknown, use with care.

Interoperability considerations:
  Not fully known, use with care.

  The "fragment" URI component has no known meaning or usage.  Unless it
  becomes meaningful in the future, omitting it is strongly advised.

Security considerations:
  Not fully known, use with care.

  GitTorrent normally uses public BitTorrent swarms, and thus doesn't ensure
  confidentiality of the Git data it stores.  Therefore it's normally unsuitable
  for Git repositories which contain unencrypted private data.  The
  confidentiality of the data when in transit between peers depends on the
  particular flavor of the BitTorrent protocol being used by the peers.

  Git and BitTorrent use SHA-1 hashes to ensure the integrity of the data.  The
  general security considerations for SHA-1 thus also apply to GitTorrent.
  GitTorrent uses Ed25519 as its digital signature scheme for ensuring the
  integrity and ownership of GitTorrent user profiles, and thus inherits the
  security considerations of Ed25519.

  gittorrent: URIs of type (0) refer to hosts using domain names.  The domain
  name resolution process is subject to its own set of security considerations
  (see RFC 4033).
  gittorrent: URIs of type (2) use GitTorrent usernames, which use the Bitcoin
  protocol/network for their registration infrastructure, and are thus subject
  to Bitcoin's security considerations.  Users of type (2) URIs should keep in
  mind that GitTorrent usernames don't necessarily correspond to the usernames
  of other Git-related systems, other source code management systems, or other
  software project management systems in general.  Users should externally
  verify the identities associated with GitTorrent usernames before utilizing
  gittorrent: URIs involving those usernames.

  Beware of homograph attacks when dealing with gittorrent: URIs.  Attackers may
  register GitTorrent usernames which deliberately appear visually similar to
  other GitTorrent usernames in an attempt to fool unwary users.  Attackers may
  likewise upload Git repositories with names which deliberately appear visually
  similar to those of other Git repositories.

  It's currently unclear precisely how GitTorrent software differentiates
  between gittorrent: URIs of type (0) and type (2).  For example, without
  further restrictions on allowed domain names, the URI gittorrent://abc/xyz
  could potentially either reference the top-level domain "abc" or the
  GitTorrent username "abc".  Similarly, without further restrictions on allowed
  GitTorrent usernames, the URI gittorrent://abc.xyz/qwe could potentially
  either reference the domain "abc.xyz" or the GitTorrent username "abc.xyz".
  The usage of gittorrent: URIs with usernames that contain periods should
  therefore be avoided for the time being.
  Accessing GitTorrent URIs while on an untrusted network is thus potentially
  dangerous, since a malicious network operator might be able to influence which
  interpretation the GitTorrent software chooses by causing the "username" to
  unexpectedly resolve as a domain name or by causing the domain name to resolve
  to the IP address of an attacker-controlled server.
  Git's integrity assurance mechanisms may allow these attacks to be detected in
  certain cases, provided that the Git repository had been previously cloned via
  a trustworthy mechanism.
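
The syntax rules and the type (0)/type (2) ambiguity described in the message above, as an added Python example that is not part of the original message or of the GitTorrent project's code: it reports which of the three forms a URI can match using only the restrictions stated in the registration. The function names `candidate_forms` and `safe_to_resolve`, and the choice to read a 40-hex-digit authority as form (1) only, are assumptions.

```python
import re
from urllib.parse import urlsplit

SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")


def candidate_forms(uri):
    """Return (forms, warnings): the registration's form numbers this URI can match."""
    parts = urlsplit(uri)
    if parts.scheme != "gittorrent" or not parts.netloc:
        raise ValueError("not a gittorrent: URI with an authority component")
    authority = parts.netloc
    # Forms (1) and (2) forbid a query and require exactly one path segment.
    segments = parts.path.split("/")[1:]
    repo_only = not parts.query and len(segments) == 1 and segments[0] != ""

    warnings = []
    if parts.fragment:
        warnings.append("fragment has no known meaning; omit it")
    if not (authority + parts.path).isascii():
        warnings.append("non-ASCII name; check for homographs")

    if SHA1_HEX.fullmatch(authority):
        # Assumption: a 40-hex-digit authority is only ever read as form (1).
        if not repo_only:
            raise ValueError("form (1) needs one path segment and no query")
        return {1}, warnings

    forms = {0}                      # form (0) has no extra restrictions
    if repo_only:
        forms.add(2)                 # could equally be a GitTorrent username
        warnings.append("authority may be a domain name or a username")
    return forms, warnings


def safe_to_resolve(uri):
    """Policy sketch: only resolve when exactly one reading is possible."""
    forms, _ = candidate_forms(uri)
    return len(forms) == 1
```

A client that applies `safe_to_resolve` would ask the user to choose a reading for URIs such as gittorrent://abc/xyz rather than let name resolution on the current network decide.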