wtf chromium!!! -- thanks for reporting :) I'll write up some IPFS feedback for the Suborigin working group soon and will take a look.

Wow, that standard is going to be a wasted opportunity if we don't step in, @lgierth thank you-- will be a huge help if we can get Suborigins to behave like we need them to (basically like a different domain, and use any valid path)

@lgierth Any update on the suborigin writeup? Lets not let this one slip away and be forgotten

Right now I'm reading through the mailing list and current draft: https://w3c.github.io/webappsec-suborigins/

Tracking my progress in ipfs/specs#131

Okay I think we can fix this by using HSHCA for the suborigin value, in order to make it lower case.

Please see my other comment under the specs repo but in short therms: we should encode whole two segments of the path not only the multihash so it also works for ipns and other future protocols (ipld, view transformations and so on).

The other day a discussion started about further restricting the characters allowed for suborigin names, and I expressed a preference for "ban starting with a number"/"disallow numerals" over "only lowercase a-z".

w3c/webappsec-suborigins#47

I'm also getting this on the /ipfs/webui path in Chrome itself.

w3c/webappsec-suborigins#62 updates the rules for suborigin names:

LOWERALPHA *( LOWERALPHA / DIGIT )

Note: A suborigin name must start with a lowercase character, but after the
first character, the name may contain lowercase characters or numerals. This
is to avoid potential confusion when the origin is serialized if the
serialization started with a number.

The standard also allows some special values (null).

This means that we probably should have constant prefix so special values can't be hit by encoded hash.

This means that we probably should have constant prefix so special values can't be hit by encoded hash.

Yes agreed, it could be an unencoded ipfs or cid.

we should encode whole two segments of the path not only the multihash so it also works for ipns and other future protocols (ipld, view transformations and so on).

/ipns and /ipfs are naturally separated because there will never be anything within /ipfs with the same multihash or cid as something within /ipns and vice versa. For anything else that might come in the future, we can apply still apply prefixes without having to change the ones for /ipfs and /ipns. But I really don't have strong feelings about it, and this value is supposed to be opaque anyhow.

dnslink

I can't find it anymore, but someone brought up suborigins and dnslink.

1. We'll have to figure out how to turn /ipns/doman.tld into a suborigin.
2. Cases where the gateway uses the Host header and turns it into /ipns/hostvalue don't use suborigin at the moment, and don't need to in the future.

To fix it properly we need to decide on suborigin prefix and add cid.EncodeWithBase for chosen base encoding of CIDs.

Quick update in the context of move to CIDv1 Base32 (https://github.com/ipfs/ipfs/issues/337, ipfs/in-web-browsers#66 (comment)).

CIDv1

Base32 is case-insensitive, so just prefix and use CID as-is:

Location: https://ipfs.io/ipfs/bafkreigh2akiscaildcqabsyg3dfr6chu3fgpregiymsck7e7aqa4s52zy
Suborigin: ipfs000bafkreigh2akiscaildcqabsyg3dfr6chu3fgpregiymsck7e7aqa4s52zy

CIDv0

This one is bit smelly, right now its just a CIDv0 encoded in Base32:

Location: https://ipfs.io/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR
Suborigin: ipfs000bciqmhrdth3ek77igz6pj75ip7rv42lwiljqxaaclw4ewnhbr32kdsgq

We can leave it as-is, or normalize it to CIDv1 Base32 to have the same string length everywhere.

IPNS

Case-insensitive representation of PeerIDs is an open issue: #5287

This was fixed by simply encoding the raw CID as base32. The new format is: ipfs000base32cid and/or ipns000base32cid.