Re: [Acme] Message Type/Version Identifiers
Anders Rundgren <anders.rundgren.net@gmail.com> Fri, 19 December 2014 05:07 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0A1F1ACCF2 for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 21:07:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.4
X-Spam-Level:
X-Spam-Status: No, score=-0.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, J_CHICKENPOX_55=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xB00fiwgaIzG for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 21:07:28 -0800 (PST)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E7131ACC8D for <acme@ietf.org>; Thu, 18 Dec 2014 21:07:28 -0800 (PST)
Received: by mail-wi0-f181.google.com with SMTP id r20so575325wiv.2 for <acme@ietf.org>; Thu, 18 Dec 2014 21:07:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=41BljCjiPXsIDgYF4pnKaNSx/J7/kg2H1CGVnGSzwHg=; b=UQkYPjFBdYig6y+eLSIEuH5S+uPtA0ZOREiBG01b7GicEw0q3uIS5docOc0pL5ZJxG J3T0RMRrs8CmQTNzumdLll49/yz+otkoX6h4HiRq9kFTudk+rfksLkJNea40pNLJ99UD eWVVWFwiKS/7MdSfBXdqzbu14NWnRaRyS2HTGD4DKcmbyEQhEljRauhVWQUYIpVOu9Ku 0FGcKN8Ng9ZPKfBFITxAQNanfvRCe1ymJzd9zCnavn+q7ie70lH5Saudoc02u+nQHoME 4nXBe5dQ5J2KJizJas0mMZsrDxl5XVk1dgSB1FCYHKtmXfbKUdos0rh24wFgULOe8r+d i+fQ==
X-Received: by 10.180.108.235 with SMTP id hn11mr2161425wib.14.1418965646853; Thu, 18 Dec 2014 21:07:26 -0800 (PST)
Received: from [192.168.1.79] (52.16.14.81.rev.sfr.net. [81.14.16.52]) by mx.google.com with ESMTPSA id bj3sm980760wib.3.2014.12.18.21.07.25 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 18 Dec 2014 21:07:26 -0800 (PST)
Message-ID: <5493B286.4020001@gmail.com>
Date: Fri, 19 Dec 2014 06:07:18 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <phill@hallambaker.com>, Martin Thomson <martin.thomson@gmail.com>
References: <5492B595.6020605@gmail.com> <CABkgnnX2PEfJZo+fJiUwTFM4yOzK-ME45fTk_vhN9mRMzzv74A@mail.gmail.com> <CAMm+LwgW+yY4xmqs-099Tkojwnovd_u=95AHygjxqs_kDxujpw@mail.gmail.com>
In-Reply-To: <CAMm+LwgW+yY4xmqs-099Tkojwnovd_u=95AHygjxqs_kDxujpw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/opdHJgGwxHAWSwRzTuUBEgOtpqc
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] Message Type/Version Identifiers
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Dec 2014 05:07:35 -0000
On 2014-12-18 22:43, Phillip Hallam-Baker wrote: > +1 > Just for the record, service discovery will in your opinion eliminate the need for explicit version information at the message object level (because this is really what I'm asking for)? I prefer URIs but of course traditional minor.major works as well. Anders > We are doing an IETF spec, not a W3C spec. > > I have a lot of experience in using URIs as protocol identifiers, I originally proposed using them in the PICS spec them and I don't think they work at all. In the PICS spec the specific objective was to drive a wedge between the Dworkin/Mackinon supporters of censorship and the Religious Right supporters. If there had been one control lever they would have been forced to work together to agree on its use. Giving each their own lever collapsed their coalition. > > In that particular instance it was essential to provide a mechanism that allowed anyone to fork at any time. So it could not use a protocol registry. > > > Here we have a Web Service spec and the objective is to end up with a common spec. So the starting point should be an IANA registration. Since we are doing Web Services, the obvious registry is the SRV registry. It would also be rather convenient to have a .well-known default URI. > > I see no reason not to use the prefix ACME for both. So initial discovery would be via SRV record: > > _acme._ws.example.com <http://ws.example.com> SRV 1 1 443 acmehost.example.com <http://acmehost.example.com> > > > The host is acmehost.example.com <http://acmehost.example.com>, so the service URI is: > > http://acmehost.example.com/.well-known/acme/ > > > That leaves two other questions, one is protocol version and the other is service feature set. These are independent. There might be a 1.0 service that supports the issue of both server and client certs and a 3.0 service that only supports server. > > We discussed this earlier, but one of the features many folk have suggested for the ACME protocol is a mechanism that allows a client to interrogate it to ask what it supports. I think this can be described as an instance of a general mechanism that can be copied by other specs. > > For versioning, the usual Major.Minor convention works fine. > For feature sets, an IANA registry of text keywords using the RFC20 subset of UTF8 (as we now refer to US-ASCII). > > > So I would see a conversation of the following sort: > > http/1.1 GET http://acmehost.example.com/.well-known/acme/ > .. headers .. > > { "Describe" {} } > > > Responses might be > > { "Versions" : ["1.0"] } > > { "Versions" :["1.0"], > "Supports" : [ > {"ACME" : ["Server", "Client"] }] } > > { "Versions" : ["1.0", "2.0"] > "Supports" : [ > {"ACME" : ["Server"] }, > { "Versions" :["2.0"], "ACME" : ["Server", "Client"] }] } > > So the first only supports the default features. The second supports Client and Server cert issue. The third supports the 2.0 version of the protocol as well as 1.0 but only supports client cert issue for 2.0. > > Specifying the Feature and Version numbers as strings allows for a lot of flexibility. So for example, a service might support version 1.0 and 3.0 but not 2.0 which turned out to be a doofus version (think X.509v2 certs). > > > If we do this in a well defined fashion we can eventually push the same attributes out into the DNS as part of the service registration interface and publish them via some new RR that is TBS which would allow them to be used for host selection. > > Using the SRV/WKS label for the features tag identifies these as attributes that would be defined in the ACME registry. this allows for better reuse of code points in the case that we were to use this for other negotiation dimensions. > > > An ACME service that does not support the Describe method would only support the 0.0 version of the service by definition. > > > Like the signature scheme outlined earlier, this is a module that can be reused very easily. > > > On Thu, Dec 18, 2014 at 2:53 PM, Martin Thomson <martin.thomson@gmail.com <mailto:martin.thomson@gmail.com>> wrote: > > On 18 December 2014 at 03:08, Anders Rundgren > <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > I have "backported" these things to JSON because I think they were good. A > > system like > > ACME could also use such a scheme since there will undoubtedly be revisions > > over time. > > I can appreciate the attraction, but this is a big "no" for me. > Absence of these features is one of the reasons that JSON has proven > successful over XML. > > If you need versioning at that level, I'd recommend defining a content > type instead. > > _______________________________________________ > Acme mailing list > Acme@ietf.org <mailto:Acme@ietf.org> > https://www.ietf.org/mailman/listinfo/acme >
- [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Richard Barnes
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Richard Barnes
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Salz, Rich
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Salz, Rich
- Re: [Acme] Message Type/Version Identifiers Anders Rundgren
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Martin Thomson
- Re: [Acme] Message Type/Version Identifiers Phillip Hallam-Baker
- Re: [Acme] Message Type/Version Identifiers Richard Barnes