[tgbugs]

I find the choice to use ownership language strange. The url/uri based systems are fundamentally inadequate for many if not most of their current use cases (they are not and never were intended to be persistent), and as the authors point out, there the urn system requires a central authority. Thus there is a need for some other system.

The ability to claim and prove authorship and determine the provenance (or tampering) of an identified document is crucial. For the most part people bindly trust that the nytimes.com that they are seeing is the real one, but there are so many ways that the can be compromised it is hard to comprehend.

More importantly, the current ways of protecting oneself against such issues are no longer accessible to the common man except via an interaction with some giant corporate edifice that they also have to trust. If you want to publish a document and distribute it in a way that its integrity and authorship can be determined there aren't good options.

Even more more to the point, there is currently no way general way to give a link to such a document that can be dereferenced to an untrusted host in such a way that the integrity of the document can be verified.

I supposed we could all share magnet links and check that they were signed with the nytimes pgp key, but then we are back to the issue of how to determine and distribute the nytimes pgp key. The WOT doesn't work, and pgp fails for anonymous publishing. Maybe the infrastructure behind DIDs will be able to solve the problems with WOT.

It will be interesting to see what comes of this, but I'm wary of its adjacency to the blockchain buzzwords.

[dane-pgp]

> If you want to publish a document and distribute it in a way that its integrity and authorship can be determined there aren't good options.

Perhaps the situation would be a little better if browsers supported Hashlinks[0]. The integrity hash in the URL would ensure that that the document returned is the one intended by the person who gave you the link.

I don't think it quite makes sense for a browser to store an address book of identities with associated public keys, but if an author hosts their document on a domain that is associated with them (and has a TLS certificate, recorded in a Certificate Transparency log) then the visitor can be reasonably sure of the document's authorship.

For good measure, the document should include in its body the domain name of the site where it is hosted, to avoid any weird problems with redirects.

[0] https://w3c-ccg.github.io/hashlink/