by marijn 2111 days ago
> Brave concerns about WebBundles are legit in a location-based addressing Internet, but all of them would immediately be removed the moment we switch from a location-based addressing to a content-based addressing approach for the Internet.

I failed to find any good case being made for why content-addressable content would be any less likely to try to perform malicious actions than URL-addressed content. Is this just utopian wishful thinking or did I miss something?

4 comments

Brave's concerns aren't legit though. WebBundles don't change the request/response system or origin model of the web. They really don't change URLs or blocker abilities at all. Brave is ascribing them either powers they don't have, or that you can already do with plain servers.
What’s the origin for addressable content?
Whatever Signed HTTP Exchange it can successfully claim. The whole point of this work is to separate origin from where you managed to download the bytes from.

Imagine CDNs that cannot forge content for your site.

Okay, so for single source content I can either derive or assert an origin. Composition, not so much...
The address of the content is a hash of the content. It’s trivial for even low power devices to verify the content they revived matches the address they requested.
*received (not revived)
We are moving by increments toward not letting content on a page send information directly to a separate origin.

With content addressable networks, it would be a challenge to enforce this, which implies rolling back security improvements, which means security regression.

For interactive content, at least part of the page has to have an origin. Maybe only the root document gets an origin, and the rest gets none or the same?

But then what happens with domain expiry?

It may mean that interactive documents require a web server, even if the bulk of the page, or even a document tree, is stitched together from addressable content.

I think it’s because with content addressable URLs, the URL is a hash and you can verify that the content never changes? But not 100% sure.
Right. But that only works for resources whose initial version is fully trusted (due to review or trust in its source), and which never change. Which doesn't cover a lot of the usefulness of the web.
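
The hash check discussed in the thread, as an added example that is not part of any comment above: a client verifies bytes from an untrusted mirror against the address it requested, and the same check passes for any honestly addressed blob, whatever that blob does. The SHA-256 hex address scheme, the `UntrustedMirror` class and the sample blobs are assumptions made for illustration.

```python
import hashlib
import hmac

def address_of(content: bytes) -> str:
    # Assumed addressing scheme: hex SHA-256 of the exact bytes.
    return hashlib.sha256(content).hexdigest()

class UntrustedMirror:
    """Hypothetical mirror or CDN that serves blobs by address in small chunks."""
    def __init__(self):
        self.blobs = {}

    def put(self, content: bytes) -> str:
        addr = address_of(content)
        self.blobs[addr] = content
        return addr

    def get(self, addr: str, chunk_size: int = 16):
        data = self.blobs[addr]
        for i in range(0, len(data), chunk_size):
            yield data[i:i + chunk_size]

def fetch_verified(mirror: UntrustedMirror, addr: str) -> bytes:
    # Hash incrementally: the digest state stays constant-size for any blob size.
    digest = hashlib.sha256()
    received = bytearray()
    for chunk in mirror.get(addr):
        digest.update(chunk)
        received += chunk
    # Hand nothing to the caller until the digest matches the requested address.
    if not hmac.compare_digest(digest.hexdigest(), addr):
        raise ValueError("content does not match requested address")
    return bytes(received)

def demo() -> dict:
    mirror = UntrustedMirror()
    v1 = b"<script>render()</script>"            # constructed sample blob
    v2 = b"<script>render(); track()</script>"   # constructed "updated" version
    a1, a2 = mirror.put(v1), mirror.put(v2)
    intact = fetch_verified(mirror, a1) == v1
    mirror.blobs[a1] = v1 + b"<!-- altered -->"  # mirror swaps the bytes stored under a1
    try:
        fetch_verified(mirror, a1)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    # v2 verifies exactly as v1 did: the check covers integrity, not behaviour or origin.
    return {"intact": intact, "tamper_detected": tamper_detected,
            "update_has_new_address": a1 != a2,
            "v2_verifies": fetch_verified(mirror, a2) == v2}
```

The changed version gets a different address, so whoever publishes the link still decides which bytes a reader ends up trusting.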