lsd0013

LSD0013: The donau:// scheme
Log | Files | Refs
commit 00ebedbf33bc122d72ca3557cfbe318a810e09a1
parent 836c45bca54e00d1c8386e4be233a4d83854ffb0
Author: Christian Grothoff <christian@grothoff.org>
Date:   Thu,  6 Nov 2025 17:49:13 +0100

remove donau+http variant from spec

Diffstat:

Mdraft-donau.xml | 17++---------------


1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/draft-donau.xml b/draft-donau.xml
@@ -173,7 +173,7 @@
   <figure>
   <artwork type="abnf"><![CDATA[
   ; Scheme and high-level structure
-  scheme    = "donau" / "donau+http"
+  scheme    = "donau"
   donau-URI = scheme "://" base "?" year-param "&"
               taxid-param "&" salt-param
               ("&" total-param "&" sig-param)?
@@ -291,7 +291,6 @@
     </t>-->
     <t>
       Validators <bcp14>MUST</bcp14> use HTTP over TLS when processing a "<tt>donau</tt>" URI.
-      Validators <bcp14>MUST</bcp14> use HTTP without TLS when processing a "<tt>donau+http</tt>" URI.
       The base origin <bcp14>SHOULD</bcp14> be shown to the
       user to indicate which authority issued the proof of donation.
       Alternatively, specific validation apps <bcp14>MAY</bcp14> only accept 'donau'
@@ -732,18 +731,6 @@ Value Encoding  Value Encoding  Value Encoding  Value Encoding
 <section anchor="security">
   <name>Security Considerations</name>
   <t>
-    Donau validators <bcp14>SHOULD</bcp14> support
-    "<tt>donau+http://</tt>"-URIs only when run in developer or debug mode
-    as otherwise the integrity and authenticity of the public key
-    cannot be assured.
-  </t>
-  <t>
-    Running  "<tt>donau+http://</tt>"-URIs on a production server
-    <bcp14>MUST NOT</bcp14> be permitted, since it would be a security issue.
-    This scheme is intended only for testing purposes,
-    for instance on <tt>localhost</tt>.
-  </t>
-  <t>
     Validator applications <bcp14>MUST</bcp14> include protections
     against repeated validations of the same donation statement
     with the same salt and year. Specifically, when summing up
@@ -955,7 +942,7 @@ W5WY4SASZQ4CRS427F4WJZJFZMQ5Y4HZNXGY30</tt></li>
 <!-- Change Log
 v00 2025-10-17  CG   Initial version
 v01 2025-10-21  EB   Including first reviews (motivations + change in URI structure)
-v02 2025-11-XX  CG   Removed all-caps versions from syntax, pointless since we now need "?" and "&" which are not in the alphanumeric set for QR codes
+v02 2025-11-05  CG   Removed all-caps versions from syntax, pointless since we now need "?" and "&" which are not in the alphanumeric set for QR codes, remove donau+http variant from specification
   -->
 </back>
 </rfc>