[Uri-review] Review request for gittorrent: URI scheme
Chris Rebert <iana.url.schemes.gittorrent@chrisrebert.com> Mon, 04 April 2016 03:10 UTC
Return-Path: <iana.url.schemes.gittorrent@chrisrebert.com>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B50212D0F7 for <uri-review@ietfa.amsl.com>; Sun, 3 Apr 2016 20:10:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.558
X-Spam-Level:
X-Spam-Status: No, score=-1.558 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, T_FILL_THIS_FORM_FRAUD_PHISH=0.01, T_FILL_THIS_FORM_SHORT=0.01, URI_HEX=1.122] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chrisrebert.com header.b=wray9UOu; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=bUE9E0RF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JGdsN8FeVu90 for <uri-review@ietfa.amsl.com>; Sun, 3 Apr 2016 20:10:11 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD7EE12D0B0 for <uri-review@ietf.org>; Sun, 3 Apr 2016 20:10:10 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id E8819206BA for <uri-review@ietf.org>; Sun, 3 Apr 2016 23:10:09 -0400 (EDT)
Received: from web4 ([10.202.2.214]) by compute1.internal (MEProxy); Sun, 03 Apr 2016 23:10:09 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=chrisrebert.com; h=content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=cM1 3PUq4xjJjnjdRA30Wo1yXWtQ=; b=wray9UOuJeQWEtNXmeiUOKg67DsL81N/ajl NtvZOb4Vy1quucW+xILaCKICsz+vJieQnZmQiHSnUVCh3/t3IiqlbnrCLiWDUngd 5uPUhB2syIBHUN0SKRY06ZvSr5dzFU8vgWSiVOR/kHULAlFHrQzQuR/WoHaNK5TM dMvCqUBY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=cM13PUq4xjJjnjdRA30Wo1yXWtQ=; b=bUE9E 0RF46QCrT2+EpCTm9rwkrE5wtRnBlL4LFup5dJYxaau3jTHLTEOhpwF+y+lRk6Rk dA4062zlEx1xrRwrDxAXdtWGi6vlCWTAJCfOhJr68s9fSEp71nPwx/LL0Kr42Xx5 mokiEXv0MpF7oQviUzTkGJcBIllZ8ZU4lVUjoc=
Received: by web4.nyi.internal (Postfix, from userid 99) id B0D5A106852; Sun, 3 Apr 2016 23:10:09 -0400 (EDT)
Message-Id: <1459739409.1809977.567878170.34FFAB67@webmail.messagingengine.com>
X-Sasl-Enc: Dnn10hG9Omq/PbMkrsy9nfMxRTk6nP2Zv897OK4S8ng8 1459739409
From: Chris Rebert <iana.url.schemes.gittorrent@chrisrebert.com>
To: uri-review@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-2373d6a1
Date: Sun, 03 Apr 2016 20:10:09 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/uri-review/JlxllFUvhr87DUvic1iZ7mVch34>
Subject: [Uri-review] Review request for gittorrent: URI scheme
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review/>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 03:10:12 -0000
Hello, Per the advice of RFC 7595, I hereby present the following proposed registration of the "gittorrent" provisional URI scheme for review. Any feedback is greatly appreciated. Thanks. Cheers, Chris **** http://chrisrebert.com Browser 🐛 of the day: http://bugzil.la/1259972 ******** Scheme name: gittorrent Status: Provisional Applications/protocols that use this scheme name: GitTorrent ("A decentralization of GitHub using BitTorrent and Bitcoin") Contact: Scheme creator: Chris Ball <http://printf.net/> Registering party: Chris Rebert <iana.url.schemes.gittorrent@chrisrebert.com> Change controller: Either the scheme creator or the registering party. References: Ball, C., "Announcing GitTorrent: A Decentralized GitHub", 29 May 2015, <http://blog.printf.net/articles/2015/05/29/announcing-gittorrent-a-decentralized-github/>. Ball, C., "GitTorrent", 2016, <http://gittorrent.org/>. Ball, C., "GitTorrent", 2016, <https://github.com/cjb/GitTorrent>. Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., and B. Yang, "Ed25519: high-speed high-security signatures", 27 September 2011, <https://ed25519.cr.yp.to/>. Bitcoin Project, "Bitcoin - Open source P2P money", 2016, <https://bitcoin.org/en/>. Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, March 2014. Cohen, B., "BEP 3: The BitTorrent Protocol Specification", 11 October 2013, <http://www.bittorrent.org/beps/bep_0003.html>. Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1 (SHA1)", RFC 3174, September 2001. "Git", 2016, <https://git-scm.com/>. Scheme syntax: This scheme uses a profile of the RFC 3986 generic URI syntax. The "fragment" URI component is never permitted. A gittorrent URI may come in one of three forms: 0. Where the "authority" component is a domain name Example: gittorrent://github.com/cjb/recursers The "path" and "query" components have no extra restrictions. 1. Where the "authority" component is a 40-byte hexadecimal number (the conventional representation of a SHA-1 hash digest) Example: gittorrent://81e24205d4bac8496d3e13282c90ead5045f09ea/recursers In this case, the "query" component is not permitted, and the "path" component consists of exactly one segment (the Git repository name). 2. Where the "authority" is a username Example: gittorrent://cjb/foo In this case, the "query" component is not permitted, and the "path" component consists of exactly one segment (the Git repository name). There may be further restrictions on the format of usernames and repository names. Scheme semantics: See the GitTorrent project for details. The following is a summary of read-only usage. gittorrent URIs represent Git repositories and specify the metadata necessary to clone a repository, to read the repository's commits, and, with the necessary cryptographic key, to write commits to the repository. In URIs of type (0), the SHA-1 hash identifier of the latest commit of the primary branch is fetched via the git protocol, as if this had been a git: URI. The actual data for that commit is then downloaded via BitTorrent. In URIs of type (1), the SHA-1 hash in the "authority" component is used as a key for a lookup in a BitTorrent DHT (distributed hash table). The value obtained from the lookup is a JSON object representing a GitTorrent user profile, which includes the names of that user's repositories, the names of those repositories' git refs, and the SHA-1 hash identifiers of the commits that those refs currently point to. The "path" component is the name of the repository, and is used to look up the corresponding SHA-1 hash commit identifier for the repository in the user profile. The actual data for that commit is then downloaded via BitTorrent. In URIs of type (2), the username in the "authority" component is used for an OP_RETURN transaction lookup in Bitcoin's blockchain. If successful, this lookup yields a SHA-1 hash which is then used as a key for a lookup in a BitTorrent DHT (distributed hash table). The value obtained from the lookup is a JSON object representing a GitTorrent user profile (as described in the previous paragraph). The "path" component is the name of the repository, and is used to look up the corresponding SHA-1 hash commit identifier for the repository in the user profile. The actual data for that commit is then downloaded via BitTorrent. Encoding considerations: Unknown, use with care. Interoperability considerations: Not fully known, use with care. The "fragment" URI component has no known meaning or usage. Unless it becomes meaningful in the future, omitting it is strongly advised. Security considerations: Not fully known, use with care. GitTorrent normally uses public BitTorrent swarms, and thus doesn't ensure confidentiality of the Git data it stores. Therefore it's normally unsuitable for Git repositories which contain unencrypted private data. The confidentiality of the data when in transit between peers depends on the particular flavor of the BitTorrent protocol being used by the peers. Git and BitTorrent use SHA-1 hashes to ensure the integrity of the data. The general security considerations for SHA-1 thus also apply to GitTorrent. GitTorrent uses Ed25519 as its digital signature scheme for ensuring the integrity and ownership of GitTorrent user profiles, and thus inherits the security considerations of Ed25519. gittorrent: URIs of type (0) refer to hosts using domain names. The domain name resolution process is subject to its own set of security considerations (see RFC 4033). gittorrent: URIs of type (2) use GitTorrent usernames, which use the Bitcoin protocol/network for their registration infrastructure, and are thus subject to Bitcoin's security considerations. Users of type (2) URIs should keep in mind that GitTorrent usernames don't necessarily correspond to the usernames of other Git-related systems, other source code management systems, or other software project management systems in general. Users should externally verify the identities associated with GitTorrent usernames before utilizing gittorrent: URIs involving those usernames. Beware of homograph attacks when dealing with gittorrent: URIs. Attackers may register GitTorrent usernames which deliberately appear visually similar to other GitTorrent usernames in an attempt to fool unwary users. Attackers may likewise upload Git repositories with names which deliberately appear visually similar to those of other Git repositories. It's currently unclear precisely how GitTorrent software differentiates between gittorrent: URIs of type (0) and type (2). For example, without further restrictions on allowed domain names, the URI gittorrent://abc/xyz could potentially either reference the top-level domain "abc" or the GitTorrent username "abc". Similarly, without further restrictions on allowed GitTorrent usernames, the URI gittorrent://abc.xyz/qwe could potentially either reference the domain "abc.xyz" or the GitTorrent username "abc.xyz". The usage of gittorrent: URIs with usernames that contain periods should therefore be avoided for the time being. Accessing GitTorrent URIs while on an untrusted network is thus potentially dangerous, since a malicious network operator might be able to influence which interpretation the GitTorrent software chooses by causing the "username" to unexpectedly resolve as a domain name or by causing the domain name to resolve to the IP address of an attacker-controlled server. Git's integrity assurance mechanisms may allow these attacks to be detected in certain cases, provided that the Git repository had been previously cloned via a trustworthy mechanism.
- [Uri-review] Review request for gittorrent: URI s… Chris Rebert
- Re: [Uri-review] Review request for gittorrent: U… Graham Klyne
- Re: [Uri-review] Review request for gittorrent: U… Chris Rebert
- Re: [Uri-review] Review request for gittorrent: U… Chris Rebert
- Re: [Uri-review] Review request for gittorrent: U… Graham Klyne
- Re: [Uri-review] Review request for gittorrent: U… Roy T. Fielding