Description
The current binding for DID resolution uses HTTP GET method. This has a couple of drawbacks:
-
The content in the path is not encrypted permitting monitoring by third parties of DID resolutions to specific HOSTS undertaken by specific CLIENTS. Using HTTP POST method would prevent such monitoring by including the DID being resolved in the body
-
There is a maximum character limit for URLs which, while it varies, it is possible there will be issues with URLs that are longer that 4000 characters long due to issues with servers and firewalls trying to protect them from CVEs. DIDs are sometimes quite long and it would be nice that HTTPS resolvers are made safer for longer DIDs. For example see https://nvd.nist.gov/vuln/detail/CVE-2017-1000100
and https://stackoverflow.com/questions/6304397/long-urls-with-more-than-4095-characters-in-php
Please consider adding in an alternative HTTPS binding to use POST