iherman
commented
2 weeks ago This issue should be closed if and when #68 is merged.
Open selfissued opened 2 weeks ago
iherman
commented
2 weeks ago This issue should be closed if and when #68 is merged.
msporny
commented
2 weeks ago If we take these digests out, then we have to reference where they are defined (which is Data Integrity) and if we do that, people will object.
If we don't include the hashes, then we won't implement a consensus requirement made by the group (which is to list the content hashes for all external resources specified). While JSON-LD is not required (again, problematic because there is no decentralized extensibility story or i18n story in the spec if we don't use it), for those that choose to use JSON-LD, they won't have hashes to verify the external contexts.
I don't think we can pull this PR in w/o creating the problems listed above. We either have to normatively cite Data Integrity, or we have to list the hashes in this specification.
msporny
commented
2 weeks ago @iherman #68 is an issue, did you mean #43?
selfissued
commented
2 weeks ago Let's discuss this in the working group.
selfissued
commented
2 weeks ago At the very least, this content should move to the Data Integrity spec:
URL: https://w3id.org/security/data-integrity/v2 (application/ld+json) SHA2-256 Digest: 67f21e6e33a6c14e5ccfd2fc7865f7474fb71a04af7e94136cb399dfac8ae8f4
https://www.w3.org/TR/2024/WD-controller-document-20240817/#contexts-and-vocabularies The text in Section 4 (Context and Vocabularies) reiterates content defined elsewhere - hashes of contexts - that is not needed for Controller Documents. Even when the controller document uses JSON-LD, which is optional, this at-risk content can be obtained from its primary sources. Please delete this heading and all the text before Section 4.1.