Write an internet draft #76
Conversation
| - | ||
| name: Jeffrey Yasskin | ||
| organization: Google | ||
| email: jyasskin@chromium.org |
There was a problem hiding this comment.
is it normal to use Chromium or Google addresses here?
There was a problem hiding this comment.
Folks seem to vary. Several people use @google, but https://tools.ietf.org/html/rfc6797 uses a personal address.
| --- abstract | ||
|
|
||
| Web Packages provide a way to bundle up groups of web resources to | ||
| transmit them together. These bundles can then be signed to establish |
|
|
||
| People with expensive or intermittent internet connections are used | ||
| to sharing files via P2P links and shared SD cards. They should be | ||
| able to install web applications they received this way. Installing a |
There was a problem hiding this comment.
is "web application" well defined?
There was a problem hiding this comment.
I don't know a well-defined term for this. "Install" doesn't work well with "websites", which also isn't particularly defined. "Service workers" have a defined install step, but it's not obvious that we want to insist on service workers for these packages. Any suggestions?
| People with expensive or intermittent internet connections are used | ||
| to sharing files via P2P links and shared SD cards. They should be | ||
| able to install web applications they received this way. Installing a | ||
| web application requires a TLS-type guarantee that it came from and |
There was a problem hiding this comment.
What is TLS-type? Cryptographic? PKI-based?
| ---------------------------- | ||
|
|
||
| Publishers and readers should be able to generate a package once, and have it | ||
| usable by all browsers. |
There was a problem hiding this comment.
Do we envision tools other than browsers using this? I can think possibly an "explode to filesystem" tool would be necesary as well
There was a problem hiding this comment.
That's true, but I'm not sure it addresses the need for standardization?
| 1. Let *certificate* be `certificates`\[*signature*\["keyIndex"]]. | ||
|
|
||
| 1. The parser MUST define a partial function from public key types to signing | ||
| algorithms, with the following map as a subset: |
There was a problem hiding this comment.
"as a subset" isn't very clear to me, perhaps this is mathematician lingo though?
There was a problem hiding this comment.
Yes, derived from a function being a particular kind of relation, which is a set of pairs; but this document should be comprehensible to non-mathematicians, so I've changed it.
|
|
||
| Let *origin* be `manifest`\["metadata"]\["origin"]. | ||
|
|
||
| Try to find a certificate in *signing-certificates* that has an identity |
There was a problem hiding this comment.
"Try to find" is unclear, perhaps something like "iterate through signing-certificates until one is found that has an identity matching ...
| resources are not otherwise distinguished from the rest of the resources in the | ||
| package. Sub-packages can form an arbitrarily-deep tree. | ||
|
|
||
| There are three possible forms of dependencies on sub-packages, of which we |
There was a problem hiding this comment.
Perhaps reorder this paragraph after the cddl defining a subpackage?
|
|
||
| Note that because the sub-package may include sub-sub-packages by date, the top | ||
| package may need to explicitly list those sub-sub-packages' hashes in order to | ||
| be completely constrained. |
There was a problem hiding this comment.
nit: Could use an example.
| and even in online scenarios, | ||
| such | ||
| [revocation checks don't actually work](https://www.imperialviolet.org/2012/02/05/crlsets.html). | ||
| Instead, package consumers must check for a sufficiently recent set of |
There was a problem hiding this comment.
Does this mean that packages become unusable after 7-30 days offline?
There was a problem hiding this comment.
Yes, although there'll be a cheap way to update them and to distribute those updates offline. I can make an argument that we should let a package live forever on a given device as long as that device never goes online, but I'm not sure it'll convince everyone.
955e2c3 to
03c0c8e
Compare
|
I'm going to merge this to make it easier for me to build on top of it. Feel free to send other comments or file bugs about what needs to change. |
…e it was under review at WICG#76.
03c0c8e to
c7185c2
Compare
c7185c2 to
17a3460
Compare
Fixes #71. I'm going to submit the draft to the IETF before this is reviewed in order to make their July 3 deadline, but I definitely want y'all to point out problems so I can fix them in the next draft.
I've pre-emptively removed the :method header (#70) and changed the
sectionsmap into an array, and I'll backfill those into the explainer and implementation when I get a bit more time.