the addressing is nice but side effects from using the addressing are underspecified
when it comes to security, underspecification is the devil's workshop
@kaniini what should we do about it? many of these underspecifications were intentional, such as in anticipation of usage over non-http protocols, which leaves me wondering what we as devs are supposed to do about the practical hindrances they cause.
but unfortunately, to provide the security guarantees people want, AP needs radical overhaul anyway. everything needs to become OCAP for example. everything needs to be properly authenticated.