Notices where this attachment appears
-
@silverpill @p @mint @Moon @arcanicanis
> Why?
Data-puns rarely work out how you might hope. It's better for it to be unambiguous. It may seem unlikely that the DID is accidentally generated, but consider a maliciously crafted URL, for example.
One of the things Revolver does is just put an ID in the headers so that, like how IPFS does it, if the data is large enough that it hasn't all arrived by the time you've parsed the headers, you can consult the local storage first. (For example, `curl -I https://media.freespeechextremist.com/emoji/custom/revolvertan.png`.)
> I want to limit protocol changes to IDs because this should make the implementation simpler, at least in theory.
This is a good idea, but extending it when it's an extension is probably the best. If you're sending things based on what you think the other server understands, then that's harder to debug and easier to craft maliciously. Easiest way to do it is to just give everyone what you have (or at least what they ask for) and it keeps it more flexible, so maybe someone does an experimental Pleroma that supports fetching these DIDs but no one is delivering them because they saw "Pleroma" and guessed "Doesn't understand DIDs", or Pleroma starts to fully support them but all of the old posts were delivered without DIDs.
> And we could support even more URI types in the future.
If you do something like adding `"cas":{"ipfs":"hash", "did:ap":"other-hash", "rvl":"third-hash"}`, that might enable implementations to kind of branch off. Or maybe call it "alt" and add whatever Nostr uses to the list. Then an implementation's free to scan the "alt" list and find something it understands, and fetch otherwise.
(Working right now so it is possible I have rushed and have read carelessly.)