Re: [art] Against BCP 190
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 12 July 2019 19:03 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98CB5120926 for <art@ietfa.amsl.com>; Fri, 12 Jul 2019 12:03:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.107
X-Spam-Level:
X-Spam-Status: No, score=-0.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.247, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MwM31-Z4k8um for <art@ietfa.amsl.com>; Fri, 12 Jul 2019 12:03:33 -0700 (PDT)
Received: from mail-ot1-f43.google.com (mail-ot1-f43.google.com [209.85.210.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F102120919 for <art@ietf.org>; Fri, 12 Jul 2019 12:03:29 -0700 (PDT)
Received: by mail-ot1-f43.google.com with SMTP id e8so10455760otl.7 for <art@ietf.org>; Fri, 12 Jul 2019 12:03:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pmSdyI6U9ybAqys6q7UUiNig0BqUhPgVrrdBv1Y29d0=; b=CjNEKAwx5tKreoSj1JWmy4Mvb7y/klqrzEEslOlYfd/znRC5mrtvEipQoEzuBE6BVD gmZ40jxCfraZpiXnQKYQP8MfQDAhQUvjFFF9pOBV3yTq/5VkTm3zMIta+JJ+g45Llg3O oVVPQLXp/LHT8hCCVZHCxDnjd+RBwwK/O8MlK7B3gwLXKfh8aeJWqLreI6u1DNlig/B2 Fw31syrEdDUqRPtLyjXnWq8Iv2ftMQNInhPhXXohW31N1Qcx07VX3bKM2qtHoCYtXkrx MRpOxIoEbpzlN9/leL92At77Noz3J+zHGLmaiNamj+XyF5sKEpXKJbW6YfiJRnbN1vaT bIRg==
X-Gm-Message-State: APjAAAVbLiq3zIi66jmVGBeflVigvyzwXLUDQTvZMu2c/4QfNo9Nu7JF gAhb5S4U0soIl3PoYY2prBkGDAAVBp2pJMt4Z9Y=
X-Google-Smtp-Source: APXvYqyOjqzKEK03SsURaMyRfvrZW3QJ/E178XUMCO/4DpamFYx1Y6Y7j9IeJUFDe2Mer+2ldW5+2UCYMrb0vSL6640=
X-Received: by 2002:a05:6830:160c:: with SMTP id g12mr10121120otr.231.1562958208219; Fri, 12 Jul 2019 12:03:28 -0700 (PDT)
MIME-Version: 1.0
References: <791b33b8-4696-f69c-aca3-8838b2caafd8@sectigo.com>
In-Reply-To: <791b33b8-4696-f69c-aca3-8838b2caafd8@sectigo.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 12 Jul 2019 15:03:17 -0400
Message-ID: <CAMm+Lwi4Rh4njOppZc4Sdnuzcyrthfoe=ie+6mNm1W6R0mvXaQ@mail.gmail.com>
To: Rob Stradling <rob@sectigo.com>
Cc: "art@ietf.org" <art@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ccc11b058d80900d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/FEFiDHZ6XtyqT9DOmLx06-U3W40>
Subject: Re: [art] Against BCP 190
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 19:03:37 -0000
I see two separate problems here with relative paths 1) The path is an extension {whatever}/foo/bar 2) The path climbs the tree {whatever} = ../fred The problem dealing with the second is that you end up with security issues that affect ZIP files every five years as the code is re-implemented by a new person who makes the old mistake. So unzipping a zip archive ends up overwriting the hosts file or whatever and allows the machine to be rooted. I see no problem with {whatever}/foo/bar if whatever is a simple prefix. But it is not an approach to Web Service design I find particularly useful any more. Unless a Web service is genuinely a data retrieval problem, it is not going to use HTTP for anything more than expanding the effective number of ports on the machine and punching a hole in the firewall. Both are necessary and useful. But they use about 5% of the capabilities of HTTP if that. My view therefore is that as TLS everywhere and QUIC take over, we should look forward to being able to specify a new UDP based transport for 'Web Service' binding that is designed to meet the needs of Web services and nothing else. The firewall bypass to be provided by TLS/QUIC. So all we need to provide at the 'Web Service' layer is a means of disambiguating the sub-service protocol. So where I expect we will end up in 5-10 years time is that 'Web Services' run over a different transport where the interaction looks something like Client: <well-known> <length> <binary data> Service: <length> <binary data> Client: <length> <binary data> Etc... Since this would just be using the protocol multiplexing and data framing capabilities of HTTP, it can be a lot simpler than HTTP. We don't want to cache in the network (which hasn't worked since SSL) and we certainly don't want content negotiation. I don't like REST because I don't find URIs a useful data encoding and see no value in splitting the request semantics between the URI path and the POST body. Just do it all in JSON, stick it all in the body and then you have a simple way to wrap it with a signature or an application level keyed MAC if you need it. So that is where I think we should try to head. Just make the traffic look as nearly like TLS as allows firewall traversal and make sure that legacy clients and services can downgrade to HTTP. Web Services require almost none of the functionality of HTTP/1.1 so I see no reason they would benefit from HTTP/2. On Fri, Jul 12, 2019 at 12:45 PM Rob Stradling <rob@sectigo.com> wrote: > During IESG review of RFC6962-bis (Certificate Transparency Version > 2.0), BCP 190 is creating significant problems in standardizing > HTTP-based APIs. Specifically, this paragraph of section 2.3 > (https://tools.ietf.org/html/bcp190#section-2.3) > > Specifying a fixed path relative to another (e.g., {whatever}/myapp) > is also bad practice (even if "whatever" is discovered as suggested > in Section 3); while doing so might prevent collisions, it does not > avoid the potential for operational difficulties (for example, an > implementation that prefers to use query processing instead, because > of implementation constraints). > > This paragraph should be struck. It is out of date, since all modern > web servers can trivially rewrite paths to query components and back > again. It also encourages inserting levels of indirection that add > complexity and bugs. > > In RFC6962, all paths are specified relative to a "log server" prefix > that can contain a path as well as a server name and a port: > > POST https://<log server>/ct/v1/add-chain > GET https://<log server>/ct/v1/get-sth > GET https://<log server>/ct/v1/get-entries?start=1000&end=2000 > … 5 more request types defined similarly ... > > This version of CT, which preceded BCP 190, has been in production use > for several years, with multiple independent implementers on both the > server side and the client side. There have been no complaints that > specifying paths in these ways is at all difficult or interferes with > operation of other software. > > A similar problem arose during ACME standardization. At first it was > solved by defining a "straight through" issuance path where each step > provided a URL for the next step. This was abandoned because there are > plenty of issuance cases that are not straight-through - for instance, > revocation. Now ACME indirects all requests through a "directory" JSON > object that maps, e.g. "newAuthz" to "https://example.com/newAuthz". > This works moderately well, but adds complexity, increases the total > number of requests, and as it turns out, may have bugs > (https://www.rfc-editor.org/errata_search.php?eid=5771) > > For 6962-bis, the TRANS WG has cycled through three different attempts > to work around BCP 190: a .well-known path prefixing all the paths > defined by the API, a directory, and treating the entire set of request > types as parameters to a log definition delivered out of band. All were > found to be unsatisfactory. The affected URI owners (log operators) are > being prevented by BCP 190 from doing what they would prefer to do with > their URI space, which is to use URIs constructed in the same manner as > RFC6962 (with "/ct/v1" changed to "/ct/v2"). > > BCP 190 is standing in the way of standardizing simple, sensible HTTP > APIs and should be amended. > > Thanks, > > -- > Rob Stradling > Senior Research & Development Scientist > Sectigo Limited > _______________________________________________ > art mailing list > art@ietf.org > https://www.ietf.org/mailman/listinfo/art >
- [art] Against BCP 190 Rob Stradling
- Re: [art] Against BCP 190 Phillip Hallam-Baker
- Re: [art] Against BCP 190 S Moonesamy
- Re: [art] Against BCP 190 Adam Roach
- Re: [art] Against BCP 190 S Moonesamy
- Re: [art] Against BCP 190 Henry S. Thompson
- Re: [art] Against BCP 190 masinter
- Re: [art] Against BCP 190 Adam Roach
- Re: [art] Against BCP 190 Leif Johansson
- Re: [art] Against BCP 190 Rob Sayre
- Re: [art] Against BCP 190 Adam Roach
- Re: [art] Against BCP 190 Rob Sayre
- Re: [art] Against BCP 190 S Moonesamy
- [art] BCP 190, draft-nottingham-for-the-users, an… John C Klensin
- Re: [art] Against BCP 190 Melinda Shore
- Re: [art] Against BCP 190 Leif Johansson
- Re: [art] BCP 190, draft-nottingham-for-the-users… Adam Roach
- Re: [art] Against BCP 190 Melinda Shore
- Re: [art] Against BCP 190 Adam Roach
- Re: [art] Against BCP 190 Stephen Farrell
- Re: [art] Against BCP 190 Adam Roach
- Re: [art] Against BCP 190 Leif Johansson
- Re: [art] Against BCP 190 Leif Johansson
- Re: [art] Against BCP 190 Victor Vasiliev
- Re: [art] Against BCP 190 Adam Roach
- Re: [art] Against BCP 190 Leif Johansson
- Re: [art] Against BCP 190 Adam Roach
- Re: [art] Against BCP 190 Tony Finch
- Re: [art] [arch-d] BCP 190, draft-nottingham-for-… Guntur Wiseno Putra
- [art] [arch-d] BCP 190, draft-nottingham-for-the-… Guntur Wiseno Putra
- [art] [arch-d] BCP 190, draft-nottingham-for-the-… Guntur Wiseno Putra
- Re: [art] [arch-d] BCP 190, draft-nottingham-for-… Guntur Wiseno Putra
- Re: [art] [arch-d] BCP 190, draft-nottingham-for-… Guntur Wiseno Putra
- Re: [art] [arch-d] BCP 190, draft-nottingham-for-… Guntur Wiseno Putra
- Re: [art] [arch-d] BCP 190, draft-nottingham-for-… Guntur Wiseno Putra