Re: [Anima] chain of redirections for Cloud Registrar
Toerless Eckert <tte@cs.fau.de> Mon, 14 June 2021 16:09 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F41973A2959 for <anima@ietfa.amsl.com>; Mon, 14 Jun 2021 09:09:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.65
X-Spam-Level:
X-Spam-Status: No, score=-1.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tt2NAMFBdZZO for <anima@ietfa.amsl.com>; Mon, 14 Jun 2021 09:09:49 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C89803A2957 for <anima@ietf.org>; Mon, 14 Jun 2021 09:09:48 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:51]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id E713854802F; Mon, 14 Jun 2021 18:09:42 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id E1A934E776E; Mon, 14 Jun 2021 18:09:42 +0200 (CEST)
Date: Mon, 14 Jun 2021 18:09:42 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Carsten Bormann <cabo@tzi.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, max pritikin <pritikin@cisco.com>, anima@ietf.org
Message-ID: <20210614160942.GB28552@faui48e.informatik.uni-erlangen.de>
References: <6572.1623550948@localhost> <B2AB9C25-FA39-43F2-A768-3B7544518B9D@tzi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <B2AB9C25-FA39-43F2-A768-3B7544518B9D@tzi.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/lamrkAQHZdcb7evfkp_gXASjdW4>
Subject: Re: [Anima] chain of redirections for Cloud Registrar
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2021 16:09:54 -0000
I think multiple redirects can make a lot of sense, as Mcr said for resale chains for example.
I wouldn't be too bothered with DoS attacks an attepting to come up with a tiny number.
I'd rather go with a number larger than what i can think of being useful. 10 for example.
I could build a load-sharing ring with that ("I am busy, try next") of reasonable size.
I my pet topic of course is diagnostics of non-malicious misconfigs.
So, when a pledge is redirected from
https://domain3.com/.well-known/brski/requestvoucher
https://domain4.com/.well-known/brski/requestvoucher
Could we make the pledge actually do the get with a breadcrump trail:
On https://domain4.com connection:
GET /.well-known/brski/requestvoucher?brskiredirpath=domain3.com,domain2.com,domain.com
That way, domain4 would know wherer the pledge came from.
Cheers
Toerless
On Sun, Jun 13, 2021 at 07:41:18AM +0200, Carsten Bormann wrote:
> On 13. Jun 2021, at 04:22, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> >
> > "another web origin" --- I guess I don't know what this means.
>
> See RFC 6454 "The Web Origin Concept???.
>
> In short, scheme + authority.
>
> > Does it mean redirecting from https://one.example/foo to https://two.example/bar,
>
> Different origins https://one.example vs. https://two.example
>
> > or does it refer to https://one.example/foo to https://one.example/bar etc.
>
> Same origin https://one.example
>
> I don???t like the term that much, but it is in wide use in the combination ???Same origin principle???.
> In RFC 7252, we use ???Origin server??? to identify the serving endpoint.
> (Of course, ???endpoint" has been hijacked as a needless synonym of ???resource??? in OAuth.)
>
> Somebody should write a Web terminology glossary :-)
>
> Grüße, Carsten
>
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
- [Anima] chain of redirections for Cloud Registrar Michael Richardson
- Re: [Anima] chain of redirections for Cloud Regis… Michael Richardson
- Re: [Anima] chain of redirections for Cloud Regis… Carsten Bormann
- [Anima] BRSKI redirect Q (was: Re: chain of redir… Toerless Eckert
- Re: [Anima] chain of redirections for Cloud Regis… Toerless Eckert
- Re: [Anima] BRSKI redirect Q (was: Re: chain of r… Michael Richardson
- Re: [Anima] chain of redirections for Cloud Regis… Michael Richardson