[art] Against BCP 190
Rob Stradling <rob@sectigo.com> Fri, 12 July 2019 16:45 UTC
From: Rob Stradling <rob@sectigo.com>
To: "art@ietf.org" <art@ietf.org>
Date: Fri, 12 Jul 2019 16:45:31 +0000
Message-ID: <791b33b8-4696-f69c-aca3-8838b2caafd8@sectigo.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/rAP7xrOek1lpO96UU-xuG6bmKRc>
During IESG review of RFC6962-bis (Certificate Transparency Version 2.0), BCP 190 is creating significant problems in standardizing HTTP-based APIs. Specifically, this paragraph of section 2.3 (https://tools.ietf.org/html/bcp190#section-2.3):

   Specifying a fixed path relative to another (e.g., {whatever}/myapp) is also bad practice (even if "whatever" is discovered as suggested in Section 3); while doing so might prevent collisions, it does not avoid the potential for operational difficulties (for example, an implementation that prefers to use query processing instead, because of implementation constraints).

This paragraph should be struck. It is out of date, since all modern web servers can trivially rewrite paths to query components and back again. It also encourages inserting levels of indirection that add complexity and bugs.

In RFC6962, all paths are specified relative to a "log server" prefix that can contain a path as well as a server name and a port:

   POST https://<log server>/ct/v1/add-chain
   GET https://<log server>/ct/v1/get-sth
   GET https://<log server>/ct/v1/get-entries?start=1000&end=2000
   ... 5 more request types defined similarly ...

This version of CT, which preceded BCP 190, has been in production use for several years, with multiple independent implementers on both the server side and the client side. There have been no complaints that specifying paths in these ways is at all difficult or interferes with operation of other software.

A similar problem arose during ACME standardization. At first it was solved by defining a "straight through" issuance path where each step provided a URL for the next step. This was abandoned because there are plenty of issuance cases that are not straight-through - for instance, revocation. Now ACME indirects all requests through a "directory" JSON object that maps, e.g. "newAuthz" to "https://example.com/newAuthz". This works moderately well, but adds complexity, increases the total number of requests, and as it turns out, may have bugs (https://www.rfc-editor.org/errata_search.php?eid=5771).

For 6962-bis, the TRANS WG has cycled through three different attempts to work around BCP 190: a .well-known path prefixing all the paths defined by the API, a directory, and treating the entire set of request types as parameters to a log definition delivered out of band. All were found to be unsatisfactory.

The affected URI owners (log operators) are being prevented by BCP 190 from doing what they would prefer to do with their URI space, which is to use URIs constructed in the same manner as RFC6962 (with "/ct/v1" changed to "/ct/v2").

BCP 190 is standing in the way of standardizing simple, sensible HTTP APIs and should be amended.

Thanks,
--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited
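The two URL-construction styles the message contrasts, as an added example that is not part of the original post or of any CT or ACME implementation: a client that builds RFC 6962-style request URLs under a "log server" prefix (host, optional port and optional path), beside an ACME-style lookup through a directory object. The hostnames, the directory contents and the `ct_url`, `naive_join` and `resolve_from_directory` helpers are all constructed for illustration. The prefix-based builder also shows the one pitfall a client must handle when the prefix carries a path: a naive relative join (`urllib.parse.urljoin`) silently drops the last prefix segment unless the prefix ends in a slash, so the builder treats the prefix path as opaque and appends to it instead.

```python
from urllib.parse import urlencode, urljoin, urlsplit, urlunsplit

# Constructed example prefix: a log server with a host, a port and a path,
# the shape RFC 6962 allows for "<log server>". Hypothetical hostname.
LOG_SERVER = "https://ct.example.net:8443/logs/alpha"

# Three of the fixed request types from the RFC 6962 v1 API and their methods;
# the remaining types are defined the same way and are omitted here.
CT_REQUEST_TYPES = {
    "add-chain": "POST",
    "get-sth": "GET",
    "get-entries": "GET",
}


def ct_url(log_server: str, request_type: str, version: str = "v1", **query) -> str:
    """Build a CT request URL relative to a log server prefix.

    The prefix path is kept verbatim (trailing slash or not) and the fixed
    "/ct/<version>/<request-type>" path is appended, so a prefix that carries
    its own path keeps every segment. Query parameters are URL-encoded.
    """
    if request_type not in CT_REQUEST_TYPES:
        raise ValueError(f"unknown CT request type: {request_type}")
    parts = urlsplit(log_server)
    if parts.scheme != "https":
        # CT and ACME endpoints are https-only; refuse to build a plaintext URL.
        raise ValueError("log server prefix must use https")
    base_path = parts.path.rstrip("/")
    path = f"{base_path}/ct/{version}/{request_type}"
    query_string = urlencode(query) if query else ""
    return urlunsplit((parts.scheme, parts.netloc, path, query_string, ""))


def naive_join(log_server: str, request_type: str) -> str:
    """The tempting but wrong way: RFC 3986 relative resolution treats the
    last prefix segment ("alpha") as a document name and replaces it."""
    return urljoin(log_server, f"ct/v1/{request_type}")


# ACME-style indirection: a directory object mapping names to absolute URLs.
# Constructed sample; a real client fetches this with one extra request.
SAMPLE_DIRECTORY = {
    "newNonce": "https://acme.example.com/acme/new-nonce",
    "newAccount": "https://acme.example.com/acme/new-account",
    "newOrder": "https://acme.example.com/acme/new-order",
}


def resolve_from_directory(directory: dict, name: str) -> str:
    """Look up an endpoint by name in a directory object.

    Every value arrives from the network, so a client should at least refuse
    non-https targets before sending credentials or account keys to them.
    """
    try:
        url = directory[name]
    except KeyError:
        raise KeyError(f"directory has no entry for {name!r}") from None
    if urlsplit(url).scheme != "https":
        raise ValueError(f"directory entry {name!r} is not an https URL: {url}")
    return url


if __name__ == "__main__":
    print(ct_url(LOG_SERVER, "get-entries", start=1000, end=2000))
    print(ct_url(LOG_SERVER, "add-chain", version="v2"))
    print("naive join loses the prefix path:", naive_join(LOG_SERVER, "get-sth"))
    print(resolve_from_directory(SAMPLE_DIRECTORY, "newOrder"))
```

Running the block prints the prefix-based URLs with the full "/logs/alpha" path intact, then the naive join result with "alpha" missing, then the directory-resolved ACME URL. The difference in request count is visible in the structure: `ct_url` needs nothing but the prefix, while `resolve_from_directory` presupposes that the directory was already fetched.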