Re: [Anima] BRSKI redirect Q (was: Re: chain of redirections for Cloud Registrar)
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 14 June 2021 17:23 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/Cc9s7Mz6oHmsrz1ztB71WG3SbcQ>
Toerless Eckert <tte@cs.fau.de> wrote:
> AFAIK, a 307 redirect can redirect to any other location and not only a
> different origin, e.g.:

> GET https://mycloudreg.example.com/.well-known/brski/requestvoucher
>   -> 307, Location: https://mycloudreg.example2.com/whatthecke/strangeurl

> AFAIK, there is no text prohibiting this in rfc8995 (or for that matter
> rfc7030).

> I don't think such a redirect would work, because the pledge wouldn't
> know what the URL for followup commands such as requestvoucher (or any
> EST command) would be.

An RFC8995-only pledge that was working through a proxy would be unable to
reach another web origin, because the TCP connection is forced to a
particular place.

The pledge can go from /.well-known/brski/requestvoucher to
/whatthecke/strangeurl, as long as the redirect was relative.

Cloud-brski assumes that the pledge has connectivity, so it can go "anywhere".

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
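The reachability rule from the reply above, as an added example that is not part of the original message or of any BRSKI implementation: a pledge-side check that resolves the Location of a 307 and decides whether it can be followed. The names `redirect_decision` and `direct_connectivity` are hypothetical; treating an absolute URL at the same origin like a relative redirect, and refusing non-HTTPS targets, are assumptions of this example.

```python
from urllib.parse import urljoin, urlsplit


def origin(url):
    """Return (scheme, host, port), filling in the default port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def redirect_decision(request_url, location, direct_connectivity):
    """Decide whether a pledge can follow a 307 received for request_url.

    direct_connectivity=False models an RFC8995-only pledge whose TCP
    connection is pinned to one place by the proxy; True models the
    Cloud-BRSKI assumption that the pledge can reach other hosts.
    Returns (follow, target_url, reason).
    """
    # Resolve relative references such as "/whatthecke/strangeurl".
    target = urljoin(request_url, location)
    # Assumption of this example: never leave HTTPS on a redirect.
    if urlsplit(target).scheme != "https":
        return (False, target, "non-https target")
    if origin(target) == origin(request_url):
        return (True, target, "same origin, reuse existing connection")
    if direct_connectivity:
        return (True, target, "new origin, needs a new TLS connection")
    return (False, target, "new origin unreachable through proxy")


# URLs taken from the quoted message.
REQUEST = "https://mycloudreg.example.com/.well-known/brski/requestvoucher"
CROSS = "https://mycloudreg.example2.com/whatthecke/strangeurl"

if __name__ == "__main__":
    for loc, direct in [("/whatthecke/strangeurl", False),
                        (CROSS, False),
                        (CROSS, True)]:
        print(loc, direct, redirect_decision(REQUEST, loc, direct))
```

When the target is a new origin, the pledge has to open and authenticate a fresh TLS connection to it; the existing session says nothing about the new host.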