[apps-discuss] R: Webfinger

Goix Laurent Walter <laurentwalter.goix@telecomitalia.it> Mon, 21 November 2011 10:26 UTC

Return-Path: <laurentwalter.goix@telecomitalia.it>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C98021F8BAB for <apps-discuss@ietfa.amsl.com>; Mon, 21 Nov 2011 02:26:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.784
X-Spam-Level:
X-Spam-Status: No, score=0.784 tagged_above=-999 required=5 tests=[AWL=-0.287, BAYES_05=-1.11, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IBqlTrXLmGun for <apps-discuss@ietfa.amsl.com>; Mon, 21 Nov 2011 02:26:34 -0800 (PST)
Received: from GRFEDG701BA020.telecomitalia.it (grfedg701ba020.telecomitalia.it [156.54.233.200]) by ietfa.amsl.com (Postfix) with ESMTP id BABE121F8BA9 for <apps-discuss@ietf.org>; Mon, 21 Nov 2011 02:26:33 -0800 (PST)
Content-Type: multipart/mixed; boundary="_7fa74c1e-a0cb-4fca-b9d3-9aed82472b1d_"
Received: from grfhub704ba020.griffon.local (10.188.101.117) by GRFEDG701BA020.telecomitalia.it (10.188.45.100) with Microsoft SMTP Server (TLS) id 8.2.254.0; Mon, 21 Nov 2011 11:26:33 +0100
Received: from GRFMBX704BA020.griffon.local ([10.188.101.16]) by grfhub704ba020.griffon.local ([10.188.101.117]) with mapi; Mon, 21 Nov 2011 11:26:32 +0100
From: Goix Laurent Walter <laurentwalter.goix@telecomitalia.it>
To: =?utf-8?B?Ik15a3l0YSBZZXZzdGlmZXlldiAo0JwuINCE0LLRgdGC0ZbRhNC10ZTQsiki?= <evnikita2@gmail.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Date: Mon, 21 Nov 2011 11:26:31 +0100
Thread-Topic: [apps-discuss] Webfinger
Thread-Index: AcynQf+MU+OlG+4OSBC52mee0899vwA9NKaQ
Message-ID: <A09A9E0A4B9C654E8672D1DC003633AE4057005F31@GRFMBX704BA020.griffon.local>
References: <032101cc9288$e3a06910$aae13b30$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735EDED@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4EC88AAF.2000007@gmail.com>
In-Reply-To: <4EC88AAF.2000007@gmail.com>
Accept-Language: en-US
Content-Language: it-IT
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
MIME-Version: 1.0
Subject: [apps-discuss] R: Webfinger
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Nov 2011 10:26:35 -0000

+1 for this. There may not be the need for HTTPS all the time. Some security could be provided using XRD signature, which may be considered enough by some implementations.

Also I do not see why JRD need be mandated instead of XRD, which existed long before and is already used and referenced by several specs, which may not be aware/akeen to also support json.
I guess it also relates to which entity will use webfinger. My understand is that nowadays a webfinger client is implemented by a network resource for federation purposes more than within some javascript code. I can understand future usages for a direct javascript invocation but wouldn’t limit to it, to keep consistency with XRD.

walter

Da: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] Per conto di "Mykyta Yevstifeyev (?. ?????????)"
Inviato: domenica 20 novembre 2011 6.06
A: apps-discuss@ietf.org
Oggetto: Re: [apps-discuss] Webfinger

19.11.2011 17:03, Eran Hammer-Lahav wrote:

Are there reasons not to mandate HTTPS?

I don't think the document should put MUST on using HTTPS.  RFC 6415 specified that host-meta document can be located using both HTTP and HTTPS, and I don't see a reason to constrain this in Webfinger.  Maybe the spec. should repeat that both HTTP and secured variants may be used.

Mykyta Yevstifeyev
Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie.

This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail, Thanks.

[cid:00000000000000000000000000000001@TI.Disclaimer]Rispetta l'ambiente. Non stampare questa mail se non è necessario.