This repository was archived by the owner on Aug 15, 2025. It is now read-only.

Commit c318975

Bring main up-to-date (#74)
* Define headers for migration section
* Add stubs for needed migrations routes
* Link fixes and clarifying improvements
* Add section 7.3.1: Content Addressing with relative roots
* Add note about uniqueness constraint for 7.3.1
* todo time
1 parent 1342b18 commit c318975

1 file changed

+42
-0
lines changed

docs/Protocol Specifications/core.md

Lines changed: 42 additions & 0 deletions
@@ -50,6 +50,7 @@ The version number specified here also applies to the API documentation.
5050
- [7.2.2.1 Body size](#7221-body-size)
5151
- [7.2.2.2 Interval between re-signing batches](#7222-interval-between-re-signing-batches)
5252
- [7.3 Moving data](#73-moving-data)
53+
- [7.3.1 Content Addressing with relative roots](#731-content-addressing-with-relative-roots)
5354
- [7.4 Challenges and trust](#74-challenges-and-trust)
5455
- [8. Protocol extensions (P2 extensions)](#8-protocol-extensions-p2-extensions)
5556
- [8.1 Extension design](#81-extension-design)
@@ -595,6 +596,10 @@ must revoke the session associated with the revoked ID-Cert. Revoking an ID-Cert
595596
The above paragraph is true for both foreign and home servers. The API routes associated with
596597
revoking an ID-Cert are the same regardless of the server type.
597598

599+
TODO: Write about identifier changing and how to handle that across servers
600+
TODO: Perhaps recommend never using more than a specified number of certificates at once to make
601+
re-signing easier
602+
598603
### 6.2 Actor identity keys and message signing
599604

600605
As briefly mentioned section [#4](#4-federated-identity), users must hold on to an identity key pair
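Review bot: The two TODOs added at new lines 599 to 601 sit in the body of the ID-Cert revocation text with no blank line between them, so Markdown will render them as one run-on paragraph in the published specification, directly after the normative statement about revocation routes. Separate them with a blank line and mark them as non-normative, or move them to tracked issues. The second one ("never using more than a specified number of certificates at once") bears on how re-signing works, so it should end up as a concrete recommendation with a stated number rather than staying an open note in the spec.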
@@ -1110,6 +1115,43 @@ aa-xsa: Deactivate account
11101115
How this process is implemented is up to P2 extensions to define. The above steps are only a
11111116
guideline. The API routes for data export and import are documented in the API documentation.
11121117

1118+
#### 7.3.1 Content Addressing with relative roots
1119+
1120+
Moving data from one server to another might break references to this data. To prevent this as much
1121+
as possible, content addressing with relative roots is recommended for data behind an additional
1122+
layer of indirection.
1123+
1124+
!!! example
1125+
1126+
In a chat service, a user might have posted a message containing a picture. In this example, the
1127+
picture is stored on the user's home server, which is not necessarily the same server as the
1128+
chat service. If the user moves their account to another server, the picture might not be
1129+
accessible anymore.
1130+
1131+
Content addressing with relative roots aids in preventing this issue. Instead of referring to
1132+
the absolute URL of the content, the server processing the content generates a unique identifier.
1133+
This identifier can be used to retrieve the content from the server. Most importantly, this
1134+
identifier does not change when the content is moved to another server. If the base domain of the
1135+
new server is known, the identifier can be used to retrieve the content from the new server.
1136+
The "relative root" is the base domain of the server, which is used to retrieve the content.
1137+
1138+
The uniqueness constraint of the identifier is important. If a collision occurs when trying to
1139+
move the content to another server, the content cannot be migrated in a way that preserves the
1140+
references to it. One way to ensure the uniqueness of the identifier is to use a hash function on the
1141+
content itself. Combining this has with a cryptographically strong nonce, then hashing the result of
1142+
concatenating the nonce and the hash of the content should yield a unique identifier.
1143+
1144+
The API route for content addressing with relative roots is formatted as follows:
1145+
1146+
`<server_url>/.p2/core/content/<content_id>`
1147+
1148+
The API route for content addressing with relative roots is documented more thoroughly in the API
1149+
documentation.
1150+
1151+
Servers with no need for content addressing with relative roots can select to not implement this
1152+
feature. Servers not implementing this feature should return a `404 Not Found` status code when
1153+
the API route is accessed. Clients should expect finding servers not implementing this feature.
1154+
11131155
### 7.4 Challenges and trust
11141156

11151157
Changing the publicly visible ownership of actor data requires the chain of trust to be maintained.
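Review bot: The identifier construction at new lines 1140 to 1142 is underspecified for something two servers have to agree on during a migration: the hash function, the nonce length, and the byte order and encoding of "concatenating the nonce and the hash of the content" are not stated. Because the nonce is random, the identifier also cannot be recomputed from the content alone, so a client fetching `<server_url>/.p2/core/content/<content_id>` from the new server cannot check the returned bytes against the reference unless the nonce travels with the content; the text should say whether it does and whether clients are expected to verify. The same paragraph says a collision prevents migration but does not say what the receiving server returns in that case. Line 1141 has a typo ("Combining this has with" should read "this hash"). At lines 1151 to 1153, answering `404 Not Found` for an unimplemented feature is indistinguishable from a missing `<content_id>` on a server that does implement it; state how clients are meant to tell the two apart, and consider rewording "can select to not implement" to "may choose not to implement" and "should expect finding servers" to "should expect to encounter servers".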
