Re: [art] On BCP 190
Jacob Hoffman-Andrews <jsha@letsencrypt.org> Wed, 24 July 2019 17:49 UTC
Return-Path: <jsha@letsencrypt.org>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E8A2120112 for <art@ietfa.amsl.com>; Wed, 24 Jul 2019 10:49:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8VwGUZJWXK7K for <art@ietfa.amsl.com>; Wed, 24 Jul 2019 10:49:47 -0700 (PDT)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 937D2120059 for <art@ietf.org>; Wed, 24 Jul 2019 10:49:47 -0700 (PDT)
Received: by mail-qt1-x832.google.com with SMTP id l9so46317457qtu.6 for <art@ietf.org>; Wed, 24 Jul 2019 10:49:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=letsencrypt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4pRAAwvfk1iDYggzyJ1EXn9ZjDhau4v7U5WMgPoGIEI=; b=AicVnLDw8nhbZsuWBjW+D+A5IoUnktgTOeWV3aVH4fwwgCvLsLexWzrRMPkF4imBEC Go2BkkULElHTuqL56k8eU+FV15Xl6zrz4jp/dDyxtPfgj2U/U8dJnyfnK7DT1PfQKdT+ jkSOS6EE5tWc/DIWGK/xjJ2J3GtZrsqGMnh9Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4pRAAwvfk1iDYggzyJ1EXn9ZjDhau4v7U5WMgPoGIEI=; b=aakylZ9Bm5eXX97IGbkXxbPxmBTN3kRmRr+3ZlThcF0Q1KD1Xh9FTb46o75ZNq4ZWV 385qzWx/a70Ux867x0kvQj5/nkQpCq5ilB75aV1YSuyWEvOj8qIPXYmB6tTI8IzBBMbi KXm1WhyYS4drtOpcxn8swfYBHMiQFQhPunOcgX+ZDrV8z4fDirxN4+6INAnCwYcJmlBE A6S34pa0Xd478m0BS2mDUNakNDOfyzm5ZphOsHXe+U/RlxPzjrwQ+F9mTsIsPIZTuy5R iOLFVTRj1cCIQvc3gNYphONT9fBIWxcEGPZsYWun9urQeJnUvYqAMh0Z6aXKnnU8AUlX GHSA==
X-Gm-Message-State: APjAAAXeYM7GZ5qUgplQjfhIm0gXbb9Kb0yRXdvpQ6eS5rm/ao+hIeBE CPUO4LJX+zwpAF6isGeGIeXqOWVfMcE1tXoHBMsbng==
X-Google-Smtp-Source: APXvYqwfmdP6qUn9eRDR4UPJLyaXE8Jra75p4jgHSzgAD0zuKGJ3y7AXO+f3dAByiYGN/VlZTGTsYmESnqXngIjR4/A=
X-Received: by 2002:ac8:26d9:: with SMTP id 25mr59824717qtp.377.1563990586709; Wed, 24 Jul 2019 10:49:46 -0700 (PDT)
MIME-Version: 1.0
References: <58BF6171-03BB-4F83-940F-3A101EFDD67F@mnot.net> <CAN3x4Q=Jo1uBvfCG6CSrociYgdG+E4jq+4cB1txPjgboth2q9g@mail.gmail.com> <372FA049-7B33-4981-A0E0-41BD454CB770@mnot.net>
In-Reply-To: <372FA049-7B33-4981-A0E0-41BD454CB770@mnot.net>
From: Jacob Hoffman-Andrews <jsha@letsencrypt.org>
Date: Wed, 24 Jul 2019 10:49:20 -0700
Message-ID: <CAN3x4QmJsfx48MdhcBB+XWX+vfv=skSR2Z6kNPBWGVobvzNuFA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: ART Area <art@ietf.org>, Devon O'Brien <devon.obrien@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000005a6d14058e70ef38"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/K3WkXQ_Q41ANXWTpTRk3imPG-ek>
Subject: Re: [art] On BCP 190
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 17:49:50 -0000
On Wed, Jul 24, 2019 at 10:24 AM Mark Nottingham <mnot@mnot.net> wrote: > > It's this part of BCP 190 Section 2.3 that is causing the issue: > > > > > Specifying a fixed path relative to another (e.g., {whatever}/myapp) > > > is also bad practice (even if "whatever" is discovered as suggested > > > in Section 3); while doing so might prevent collisions, it does not > > > avoid the potential for operational difficulties (for example, an > > > implementation that prefers to use query processing instead, because > > > of implementation constraints). > > > > To be clear, the "whatever" in this case is referred to as <log server> > in CT, and is discovered via the known logs list ( > https://www.certificate-transparency.org/known-logs) and browser CT > programs. > > Yes -- and this text should definitely be considered when revising 190. > Like I said, we've moved on a fair amount since then (although we still > have a ways to go). > > One thing I'd like to see in a revision is a clearer separation between > "you're potentially harming others by doing this; don't do it" and "you're > potentially harming yourself by doing this; think carefully before > proceeding." > Which category to you think that paragraph of Section 2.3 (call it 2.3b) belongs to? It sounds like it belongs to the "harming yourself" category, which means that it's not actually protecting a commons. And to be clear, even though 2.3b sounds advisory-only, it's this clause at the top of Section 2.3 that has broader normative language: > specifications MUST NOT constrain, > or define the structure or the semantics for any path component. > a) that some people don't have access to .well-known on their servers -- > but this seems like a very poor argument for this particular use case. > Andrew Ayer presented one concrete case where the use of .well-known presented implementation difficulties for Google, a company that presumably has full control over its servers. I don't know the details of why, but I can guess: .well-known is dangerous. As a hosting provider, allowing users to upload abritrary files to /.well-known/acme-challenge means the users can get certificates for the hosted domain name. Probably there are other security-relevant things under /.well-known/. The safe and reasonable thing is to just block access to /.well-known/. I would guess that Google's security team has set a policy: All access to .well-known is blocked at the frontends unless it's gone through a detailed review. So we have advice in BCP 190 meant to ensure that protocols allow implementers to implement any way they want (e.g. with query parameters to represent semantics). But instead, the advice to require /.well-known/ is creating practical barriers for implementers to implement things in the way they want. Also, if the reasoning for 2.3b is that implementers might only be able to use query parameters, not paths, then specifying paths under .well-known doesn't solve that problem at all. Thanks, Jacob
- [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Adam Roach
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Adam Roach
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Melinda Shore
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Melinda Shore
- [art] Is CT single-use origins or not? (Re: On BC… Adam Roach
- Re: [art] Is CT single-use origins or not? (Re: O… Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] Is CT single-use origins or not? (Re: O… Adam Roach
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Tony Finch
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Tony Finch
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Larry Masinter
- Re: [art] On BCP 190 Carsten Bormann
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Mark Nottingham
- [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] Call for Consensus: Re: On BCP 190 Carsten Bormann
- Re: [art] Call for Consensus: Re: On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Stephen Farrell
- Re: [art] Call for Consensus: Re: On BCP 190 Rob Sayre
- Re: [art] On BCP 190 Tony Finch
- Re: [art] Call for Consensus: Re: On BCP 190 Rob Stradling
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Melinda Shore
- Re: [art] Call for Consensus: Re: On BCP 190 Mark Nottingham
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Ben Campbell
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Larry Masinter