On Tue, Jul 21, 2020 at 2:42 AM Mark Nottingham <mnot@xxxxxxxx> wrote:
That's a good summary. To me, the question is whether there are ways to avoid spurious / vanity registrations without creating unnecessary barriers to entry.
I have railed against 'vanity crypto' in the past. And there is actually a pretty good argument that less crypto is more. But I have since realized even that type of gatekeeping is counterproductive.
There are some important and valid concerns, the two most important for me being:
* Avoiding ambiguity where two communities attempt to use the same scheme.
* Avoiding namespace exhaustion.
There is also:
* Enabling interoperability.
* Ensuring availability of documentation
* Maintaining quality
Which are important to some of course. BUT is it worth our time and effort to save people from their own folly unasked? I don't ask people to look at my stuff because I enjoy having people jump up and down on the little pieces. I do it because I want it to work, and to be useful. If people want to shoot themselves in the feets, why not let them?
I come to the IETF for advice and to build a deployment coalition for my proposals. I have never come to ask permission.
The IETF tried to establish a gatekeeper role over DNS SRV prefixes at one point. And it collapsed because there was far more interest in gatekeeping than allowing anyone allocations. When I attempted to register the code points for SAML, the IETF had no process whatsoever and those attempting to create one were still being given the run-around five years after the SAML specs published with code points I made up.
The area where I do see a real need for process is defining schemes for existing protocols. Lets say someone invents a pgp: scheme. I think it would be pretty important that such a scheme get community review.
Gatekeeping can be a useful function but it can also do immense damage. Stopping one good idea does real harm. And lets not be prejudiced about ideas people have in the shower. I do much of my best thinking in the hot tub.
There have always been people who think that their role in the Internet is to identify bad ideas and stop them happening and that this is doing the community a favor.
So while the second set of concerns are valid, I don't see the IETF achieving anything good by attempting to enforce them, on the contrary, it is only causing harm.
The IANA protocol directory has been open for some time. I have registered mmm for Mathematical Mesh Services. Now, I ask you, should anyone else be allowed to register mmm for their URI scheme? Seems like that would only lead to confusion. And I would make the exact same argument for .well-known.
My proposal is this:
Collapse the protocol, .well-known and uri registries into one registry of application name labels. Registering a label in the application name labels registry would be 'essentially' first come first served and automatically create reservations for the .well-known and uri scheme, to be used if required.
By 'essentially', I mean we should have guards in place to stop speculative reservation of namespace, namejumping and the like.
