gribneau
commented
2 years ago Within the context of this PR, I think it would be beneficial to address a number of issues that have been noted in the text of the specification with an eye to ensuring that our explicit handling of those issues is adequate to remove them from the text and close them.
These appear on lines 462, 466, 487, and 582.
That informational section is intended to address those issues (and others), and avoid making did:web something it cannot be without a dramatic increase in complexity. This method should support DID delivery by static webservers in the simplest possible fashion.
There is also an ongoing discussion about the language describing potential DNS vulnerabilities and mitigation in #45, and we could pick up #46 and #44 as well.
Ideally, I'd like this PR to clean up the text and clear out as many outstanding issues as possible.
I've reorganized the document, extended the resolution logic, added server configuration considerations, and updated RFC references.
There are still comments in this document referencing various issues, but I have moved them to sections dedicated to discussing the issues raised. We should reach a consensus on paths forward for these. I think most of them have been resolved by simply recognizing (and calling out) the reality of resolution over https and can be removed.