WingNews logo WingNews
top | item 24323405

(no title)

marijn | 5 years ago

> Brave concerns about WebBundles are legit in a location-based addressing Internet, but all of them would immediately be removed the moment we switch from a location-based addressing to a content-based addressing approach for the Internet.

I failed to find any good case being made for why content-addressable content would be any less likely to try to perform malicious actions than URL-addressed content. Is this just utopian wishful thinking or did I miss something?

discuss

order

spankalee|5 years ago

Brave's concerns aren't legit though. WebBundles don't change the request/response system or origin model of the web. They really don't change URLs or blocker abilities at all. Brave is ascribing them either powers they don't have, or that you can already do with plain servers.

hinkley|5 years ago

What’s the origin for addressable content?

rudolph9|5 years ago

The address of the content is a hash of the content. It’s trivial for even low power devices to verify the content they revived matches the address they requested.

rudolph9|5 years ago

*received (not revived)

hinkley|5 years ago

We are moving by increments toward not letting content on a page send information directly to a separate origin.

With content addressable networks, it would be a challenge to enforce this, which implies rolling back security improvements, which means security regression.

For interactive content, at least part of the page has to have an origin. Maybe only the root document get an origin, and the rest gets none or the same?

But then what happens with domain expiry?

It may mean that interactive documents require a web server, even if the bulk of the page, or even a document tree, is stitched together from addressable content.

sktrdie|5 years ago

I think it’s because with content addressable URLs, the URL is a hash and you can verify that the content never changes? But not 100% sure

marijn|5 years ago

Right. But that only works for resources whose initial version is fully trusted (due to review or trust in its source), and which never change. Which doesn't cover a lot of the usefulness of the web.