Re: Stab in the dark

Larry Masinter (masinter@parc.xerox.com)
Fri, 18 Mar 1994 19:45:13 --100


> Surely, you can include the md5 signature of the document as a parameter
> tacked onto the URN, using ";" as a separator as Dan suggested. This way
> is safe if the document including the URN is trusted. The actual ownership
> of the document can be checked provided it includes a public key signature
> and related issuer certificates.

If URNs are allowed to refer to multiple formats of documents, or
multiple versions of updating documents, or online streams of
information that you might telnet to, then no, you can't easily
include the MD5 signature of the document.

What you're saying is that you don't have to trust the URN -> URL
resolution process, because you will verify the entire URN ->
<resource> resolution?

I'm not sure I can live with that, although I'd like to think about it
a bit more.