Re: [Acme] Message Type/Version Identifiers
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 18 December 2014 21:43 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DCC01A8877 for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 13:43:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oShLPCB0eBox for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 13:43:49 -0800 (PST)
Received: from mail-lb0-x22e.google.com (mail-lb0-x22e.google.com [IPv6:2a00:1450:4010:c04::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 603641A8774 for <acme@ietf.org>; Thu, 18 Dec 2014 13:43:48 -0800 (PST)
Received: by mail-lb0-f174.google.com with SMTP id 10so1703328lbg.19 for <acme@ietf.org>; Thu, 18 Dec 2014 13:43:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=5TSu8KviP06fg2ZFo72zxw+zmQNRr89TC1mfm8VPZBU=; b=APB+aOzGWZzHe0b7h6hGgSnXf7FFyqOyx33e6HjCoJj1a0XseFFj87leaApN4lcJAC jaPOg/VcaPFHpMtSj+g7UkslFUqlWfJzjj/9mmHaqjTt8v+ajF6UT/HkOGXccwDpDBsf FQXh4UCcX6Ph+6+5V70U/xJGGFIEvesMS0OPPrVWRYhG2ZYx46ZQ9THyRpICSoT/NNiN WUD1wkq4lLeOPo06td7Oa7zCRt9g0FmDQiztsvPtS0VH7Cl7mI4dJRAkjo6l3HccOL2c Wn8tc4qExJpXmu2TEx0g/wIdTmkgpbV/n3RU2SfUGXoj97OAG1mnecnGeZeUPcB9B0md NELw==
MIME-Version: 1.0
X-Received: by 10.152.87.67 with SMTP id v3mr4299730laz.97.1418939026823; Thu, 18 Dec 2014 13:43:46 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.19.42 with HTTP; Thu, 18 Dec 2014 13:43:46 -0800 (PST)
In-Reply-To: <CABkgnnX2PEfJZo+fJiUwTFM4yOzK-ME45fTk_vhN9mRMzzv74A@mail.gmail.com>
References: <5492B595.6020605@gmail.com> <CABkgnnX2PEfJZo+fJiUwTFM4yOzK-ME45fTk_vhN9mRMzzv74A@mail.gmail.com>
Date: Thu, 18 Dec 2014 16:43:46 -0500
X-Google-Sender-Auth: o5N8F8FEOG6MzFnwohBjXnc9Y8w
Message-ID: <CAMm+LwgW+yY4xmqs-099Tkojwnovd_u=95AHygjxqs_kDxujpw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="001a11c3510aa6dfd4050a847c3d"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/flLH70oB-xgMZQ-o0zCyGUr02XM
Cc: "acme@ietf.org" <acme@ietf.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
Subject: Re: [Acme] Message Type/Version Identifiers
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Dec 2014 21:43:51 -0000
+1 We are doing an IETF spec, not a W3C spec. I have a lot of experience in using URIs as protocol identifiers, I originally proposed using them in the PICS spec them and I don't think they work at all. In the PICS spec the specific objective was to drive a wedge between the Dworkin/Mackinon supporters of censorship and the Religious Right supporters. If there had been one control lever they would have been forced to work together to agree on its use. Giving each their own lever collapsed their coalition. In that particular instance it was essential to provide a mechanism that allowed anyone to fork at any time. So it could not use a protocol registry. Here we have a Web Service spec and the objective is to end up with a common spec. So the starting point should be an IANA registration. Since we are doing Web Services, the obvious registry is the SRV registry. It would also be rather convenient to have a .well-known default URI. I see no reason not to use the prefix ACME for both. So initial discovery would be via SRV record: _acme._ws.example.com SRV 1 1 443 acmehost.example.com The host is acmehost.example.com, so the service URI is: http://acmehost.example.com/.well-known/acme/ That leaves two other questions, one is protocol version and the other is service feature set. These are independent. There might be a 1.0 service that supports the issue of both server and client certs and a 3.0 service that only supports server. We discussed this earlier, but one of the features many folk have suggested for the ACME protocol is a mechanism that allows a client to interrogate it to ask what it supports. I think this can be described as an instance of a general mechanism that can be copied by other specs. For versioning, the usual Major.Minor convention works fine. For feature sets, an IANA registry of text keywords using the RFC20 subset of UTF8 (as we now refer to US-ASCII). So I would see a conversation of the following sort: http/1.1 GET http://acmehost.example.com/.well-known/acme/ .. headers .. { "Describe" {} } Responses might be { "Versions" : ["1.0"] } { "Versions" :["1.0"], "Supports" : [ {"ACME" : ["Server", "Client"] }] } { "Versions" : ["1.0", "2.0"] "Supports" : [ {"ACME" : ["Server"] }, { "Versions" :["2.0"], "ACME" : ["Server", "Client"] }] } So the first only supports the default features. The second supports Client and Server cert issue. The third supports the 2.0 version of the protocol as well as 1.0 but only supports client cert issue for 2.0. Specifying the Feature and Version numbers as strings allows for a lot of flexibility. So for example, a service might support version 1.0 and 3.0 but not 2.0 which turned out to be a doofus version (think X.509v2 certs). If we do this in a well defined fashion we can eventually push the same attributes out into the DNS as part of the service registration interface and publish them via some new RR that is TBS which would allow them to be used for host selection. Using the SRV/WKS label for the features tag identifies these as attributes that would be defined in the ACME registry. this allows for better reuse of code points in the case that we were to use this for other negotiation dimensions. An ACME service that does not support the Describe method would only support the 0.0 version of the service by definition. Like the signature scheme outlined earlier, this is a module that can be reused very easily. On Thu, Dec 18, 2014 at 2:53 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 18 December 2014 at 03:08, Anders Rundgren > <anders.rundgren.net@gmail.com> wrote: > > I have "backported" these things to JSON because I think they were > good. A > > system like > > ACME could also use such a scheme since there will undoubtedly be > revisions > > over time. > > I can appreciate the attraction, but this is a big "no" for me. > Absence of these features is one of the reasons that JSON has proven > successful over XML. > > If you need versioning at that level, I'd recommend defining a content > type instead. > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
- [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Richard Barnes
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Richard Barnes
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Salz, Rich
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Salz, Rich
- Re: [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Richard Barnes